Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1544138
MD5: 9516a10a1f5ab3f62d09659ac994246b
SHA1: efd31c81e585603f89d6b069794eade8957d423e
SHA256: 84ecd88b245e58f57ca29cd44cd2bc94ce0bae7dff92ce9bd9bf9b97f91f4158
Tags: exe, user-Bitsight
Infos:

Detection

Credential Flusher
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • file.exe (PID: 6276 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 9516A10A1F5AB3F62D09659AC994246B)
    • taskkill.exe (PID: 6252 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6460 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 3512 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 2132 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 3612 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 5180 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 1184 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 2120 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 5436 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 824 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • firefox.exe (PID: 564 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 6596 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 2756 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 824 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2300 -parentBuildID 20230927232528 -prefsHandle 2244 -prefMapHandle 2236 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {96ad0d25-fff4-4df5-b334-a88dfabb4a43} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 1e95da6f910 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7516 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3968 -parentBuildID 20230927232528 -prefsHandle 3752 -prefMapHandle 4000 -prefsLen 26208 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {645c5d58-8114-49d1-b3ad-07482cd82946} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 1e95da7ce10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7376 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3244 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 1544 -prefMapHandle 1540 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8dfb5d83-e596-439a-8166-f719251ef78f} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 1e97c2dd510 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Process Memory Space: file.exe PID: 6276 | JoeSecurity_CredentialFlusher | Yara detected Credential Flusher | Joe Security |
    No Sigma rule has matched
    No Suricata rule has matched

    AV Detection

    Source: file.exe | ReversingLabs: Detection: 47%
    Source: Submited Sample | Integrated Neural Analysis Model: Matched 99.6% probability
    Source: file.exe | Joe Sandbox ML: detected
    Source: file.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49743 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49750 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49760 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49769 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49768 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49772 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49775 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49778 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:49779 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 151.101.193.91:443 -> 192.168.2.4:49781 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49784 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49785 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49786 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:49787 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 142.250.115.100:443 -> 192.168.2.4:60902 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:60946 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:60947 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:60948 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:60952 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:60955 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:60954 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:60953 version: TLS 1.2
    Source: Binary string: webauthn.pdb source: firefox.exe, 0000000D.00000003.1800735330.000001E97CAA5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.13.dr
    Source: Binary string: ktmw32.pdb source: firefox.exe, 0000000D.00000003.1804577414.000001E96D111000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1849592142.000001E96D111000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdb source: firefox.exe, 0000000D.00000003.1853619671.000001E96D138000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdb source: firefox.exe, 0000000D.00000003.1853797527.000001E96D138000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.13.dr
    Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 0000000D.00000003.1800735330.000001E97CAA5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 0000000D.00000003.1853619671.000001E96D138000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: ktmw32.pdbGCTL source: firefox.exe, 0000000D.00000003.1804577414.000001E96D111000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1849592142.000001E96D111000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdbUGP source: firefox.exe, 0000000D.00000003.1853797527.000001E96D138000.00000004.00000020.00020000.00000000.sdmp
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_002DDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_002DDBBE
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_002E68EE FindFirstFileW,FindClose,0_2_002E68EE
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_002E698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_002E698F
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_002DD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_002DD076
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_002DD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_002DD3A9
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_002E9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_002E9642
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_002E979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_002E979D
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_002E9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_002E9B2B
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_002E5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_002E5C97
    Source: firefox.exe | Memory has grown: Private usage: 1MB later: 267MB
    Source: unknown | Network traffic detected: DNS query count 31
    Source: Joe Sandbox View | IP Address: 34.149.100.209 34.149.100.209
    Source: Joe Sandbox View | IP Address: 34.117.188.166 34.117.188.166
    Source: Joe Sandbox View | IP Address: 151.101.193.91 151.101.193.91
    Source: Joe Sandbox View | JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
    Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.115.100
    Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_002ECE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_002ECE44
    Source: global traffic | HTTP traffic detected:
        GET /canonical.html HTTP/1.1
        Host: detectportal.firefox.com
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
        Accept: */*
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Cache-Control: no-cache
        Pragma: no-cache
        Connection: keep-alive
    Source: global traffic | HTTP traffic detected:
        GET /success.txt?ipv4 HTTP/1.1
        Host: detectportal.firefox.com
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
        Accept: */*
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Connection: keep-alive
        Pragma: no-cache
        Cache-Control: no-cache
    Source: firefox.exe, 0000000D.00000003.1911724487.000001E975BF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1916272304.000001E975BF6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1911724487.000001E975BF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1916272304.000001E975BF6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.1910755158.00003E52D8A03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: *://www.facebook.com/* equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1910755158.00003E52D8A03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: *://www.facebook.com/*Z equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1910755158.00003E52D8A03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: *://www.youtube.com/* equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.1910755158.00003E52D8A03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: *://www.youtube.com/*Z equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.1891601320.000001E97C7B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1898676255.000001E97C7B3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8*://www.facebook.com/* equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1910755158.00003E52D8A03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8*://www.facebook.com/*Z equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1892205557.000001E97C751000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1899041057.000001E97C751000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8*://www.youtube.com/* equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.1910755158.00003E52D8A03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8*://www.youtube.com/*Z equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.1899041057.000001E97C768000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1892205557.000001E97C768000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1912108001.000001E975B82000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1899041057.000001E97C768000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1892205557.000001E97C768000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1912108001.000001E975B82000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.1891601320.000001E97C7B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1898676255.000001E97C7B3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1911038633.000033AA5B603000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1910647239.0000160CC0D03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8www.facebook.comZ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1892205557.000001E97C751000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1899041057.000001E97C751000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8www.youtube.com equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.1898676255.000001E97C7B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ="newtab-search-box-handoff-input" data-l10n-args="{&quot;engine&quot;: &quot;Google&quot;}" tabindex="-1"><div class="fake-textbox" data-l10n-id="newtab-search-box-handoff-text" data-l10n-args="{&quot;engine&quot;: &quot;Google&quot;}"></div><input type="search" class="fake-editable" tabindex="-1" aria-hidden="true"/><div class="fake-caret"></div></button></div></div></div><div class="body-wrapper on"><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div><div class="ds-top-sites"><section class="collapsible-section top-sites" data-section-id="topsites"><div class="section-top-bar"><h3 class="section-title-container " style="visibility:hidden"><span class="section-title"><span data-l10n-id="newtab-section-header-topsites"></span></span><span class="learn-more-link-wrapper"></span></h3></div><div><ul class="top-sites-list"><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.youtube.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="Y"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/youtube-com@2x.png)"></div></div></div><div class="title"><span dir="auto">YouTube<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;YouTube&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.facebook.com/" tabindex="0" draggable="true" 
data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="F"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/facebook-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Facebook<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Facebook&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.wikipedia.org/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="W"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/wikipedia-org@2x.png)"></div></div></div><div class="title"><span dir="auto">Wikipedia<span class="sponsored-label" data-l10
    Source: firefox.exe, 0000000D.00000003.1898676255.000001E97C7B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ="newtab-search-box-handoff-input" data-l10n-args="{&quot;engine&quot;: &quot;Google&quot;}" tabindex="-1"><div class="fake-textbox" data-l10n-id="newtab-search-box-handoff-text" data-l10n-args="{&quot;engine&quot;: &quot;Google&quot;}"></div><input type="search" class="fake-editable" tabindex="-1" aria-hidden="true"/><div class="fake-caret"></div></button></div></div></div><div class="body-wrapper on"><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div><div class="ds-top-sites"><section class="collapsible-section top-sites" data-section-id="topsites"><div class="section-top-bar"><h3 class="section-title-container " style="visibility:hidden"><span class="section-title"><span data-l10n-id="newtab-section-header-topsites"></span></span><span class="learn-more-link-wrapper"></span></h3></div><div><ul class="top-sites-list"><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.youtube.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="Y"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/youtube-com@2x.png)"></div></div></div><div class="title"><span dir="auto">YouTube<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;YouTube&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.facebook.com/" tabindex="0" draggable="true" 
data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="F"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/facebook-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Facebook<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Facebook&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.wikipedia.org/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="W"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/wikipedia-org@2x.png)"></div></div></div><div class="title"><span dir="auto">Wikipedia<span class="sponsored-label" data-l10
    Source: firefox.exe, 0000000D.00000003.1899041057.000001E97C768000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1910647239.0000160CC0D03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1892205557.000001E97C768000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1910647239.0000160CC0D03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/Z equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1899041057.000001E97C768000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1910647239.0000160CC0D03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1892205557.000001E97C768000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000010.00000002.2937957719.000001F4ECC0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2939360838.000002336B30C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000010.00000002.2937957719.000001F4ECC0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2939360838.000002336B30C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 00000010.00000002.2937957719.000001F4ECC0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2939360838.000002336B30C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.1910647239.0000160CC0D03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/Z equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.1768063888.000001E96E66C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: main/nimbus-desktop-experimentshttps://www.facebook.com/https://www.aliexpress.com/WebExtensionDictionaryManifestWebExtensionLangpackManifestOptionalPermissionNoPromptOptionalPermissionOrOriginFirefoxSpecificPropertiesfavicons/leboncoin-fr.pnghttps://www.amazon.co.uk/images/aliexpress-com@2x.pngimages/twitter-com@2x.pngget searchUrlPublicSuffixfavicons/wikipedia-org.ico__MSG_searchUrlGetParams__GeckoAndroidSpecificPropertiesimages/youtube-com@2x.pngimages/duckduckgo-com@2x.svgfavicons/aliexpress-com.icoimages/facebook-com@2x.pngimages/leboncoin-fr@2x.pnghttps://www.leboncoin.fr/main/nimbus-desktop-experiments__MSG_extensionDescription__https://www.wikipedia.org/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1910647239.0000160CC0D03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1915516027.000001E97BB74000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1891601320.000001E97C7B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1911038633.000033AA5B603000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1910647239.0000160CC0D03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.comZ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1910647239.0000160CC0D03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1892205557.000001E97C751000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1899041057.000001E97C751000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.1915516027.000001E97BB74000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.1910647239.0000160CC0D03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.comZ equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000003.1734982507.00000000015BF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1738385482.00000000015C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1736486413.00000000015BF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1736584282.00000000015C3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1886644918.000001E96E0A9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1886874223.000001E96E071000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1889145021.000001E975CCD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1864837660.000001E975CCD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1903649410.000001E96E071000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1892205557.000001E97C751000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1899041057.000001E97C751000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
    Source: file.exe, 00000000.00000002.1738051805.0000000001588000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwdX
    Source: firefox.exe, 0000000D.00000003.1894855988.000001E97704F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
    Source: firefox.exe, 0000000D.00000003.1915516027.000001E97BB74000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
    Source: firefox.exe, 0000000D.00000003.1915516027.000001E97BB74000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
    Source: firefox.exe, 0000000D.00000003.1915516027.000001E97BB74000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
    Source: firefox.exe, 0000000D.00000003.1915516027.000001E97BB74000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
    Source: firefox.exe, 0000000D.00000003.1915516027.000001E97BB74000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
    Source: firefox.exe, 0000000D.00000003.1893252566.000001E97C24E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads-us.rd.linksynergy.com/as.php
    Source: firefox.exe, 0000000D.00000003.1910647239.0000160CC0D03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://amazon.com
    Source: firefox.exe, 0000000D.00000003.1910647239.0000160CC0D03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://amazon.comZ
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://api.accounts.firefox.com/v1
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
    Source: firefox.exe, 0000000D.00000003.1892861810.000001E97C2D8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1899362036.000001E97C2D8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1912108001.000001E975B82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1914378558.000001E97C2D8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1910851902.000001E97C122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
    Source: firefox.exe, 0000000F.00000002.2938962998.000001B4669CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2937957719.000001F4ECCE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2942330651.000002336B504000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
    Source: firefox.exe, 0000000F.00000002.2938962998.000001B4669CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2937957719.000001F4ECCE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2942330651.000002336B504000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
    Source: firefox.exe, 0000000D.00000003.1915202224.000001E97BBB9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mo
    Source: firefox.exe, 0000000D.00000003.1788693428.000001E96E09B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1170143
    Source: firefox.exe, 0000000D.00000003.1788693428.000001E96E09B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788240095.000001E96E039000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788853476.000001E96E0A9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1189266
    Source: firefox.exe, 0000000D.00000003.1788693428.000001E96E09B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788240095.000001E96E039000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788853476.000001E96E0A9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1193802
    Source: firefox.exe, 0000000D.00000003.1788693428.000001E96E09B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788240095.000001E96E039000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788853476.000001E96E0A9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
    Source: firefox.exe, 0000000D.00000003.1788693428.000001E96E09B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788853476.000001E96E0A9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
    Source: firefox.exe, 0000000D.00000003.1788693428.000001E96E09B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788240095.000001E96E039000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788853476.000001E96E0A9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1283601
    Source: firefox.exe, 0000000D.00000003.1763790844.000001E975A76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1916893166.000001E975A76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1768063888.000001E96E66C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
    Source: firefox.exe, 0000000D.00000003.1763790844.000001E975A76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1916893166.000001E975A76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1768063888.000001E96E66C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
    Source: firefox.exe, 0000000D.00000003.1768063888.000001E96E66C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464Tried
    Source: firefox.exe, 0000000D.00000003.1763790844.000001E975A76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1916893166.000001E975A76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1768063888.000001E96E66C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
    Source: firefox.exe, 0000000D.00000003.1768063888.000001E96E66C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439Force
    Source: firefox.exe, 0000000D.00000003.1768063888.000001E96E66C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
    Source: firefox.exe, 0000000D.00000003.1788693428.000001E96E09B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788240095.000001E96E039000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788853476.000001E96E0A9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
    Source: firefox.exe, 0000000D.00000003.1788693428.000001E96E09B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788240095.000001E96E039000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788853476.000001E96E0A9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=792480
    Source: firefox.exe, 0000000D.00000003.1788693428.000001E96E09B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=793869
    Source: firefox.exe, 0000000D.00000003.1788693428.000001E96E09B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788853476.000001E96E0A9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
    Source: firefox.exe, 0000000D.00000003.1788693428.000001E96E09B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788853476.000001E96E0A9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=840161
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
    Source: firefox.exe, 0000000D.00000003.1725936433.000001E96D577000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1725590945.000001E96D53C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1725174664.000001E96D300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1725380291.000001E96D51F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1725766227.000001E96D55A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
    Source: firefox.exe, 0000000D.00000003.1916538375.000001E975AE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
    Source: firefox.exe, 0000000F.00000002.2938962998.000001B4669CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2937957719.000001F4ECCE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2942330651.000002336B504000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
    Source: firefox.exe, 0000000F.00000002.2938962998.000001B4669CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2937957719.000001F4ECCE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2942330651.000002336B504000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
    Source: firefox.exe, 0000000D.00000003.1856401322.000001E97599E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1763518605.000001E975AA5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1864938049.000001E97599E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1765081819.000001E9759B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1877630479.000001E9759A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/993268
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
    Source: firefox.exe, 0000000D.00000003.1915588792.000001E97BB4B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1893252566.000001E97C24E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://datastudio.google.com/embed/reporting/
    Source: firefox.exe, 0000000D.00000003.1893252566.000001E97C27D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullSc
    Source: firefox.exe, 0000000D.00000003.1893252566.000001E97C266000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1893252566.000001E97C27A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture
    Source: firefox.exe, 0000000D.00000003.1893252566.000001E97C27A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCaptureElementReleaseCaptureWarning
    Source: firefox.exe, 0000000D.00000003.1893252566.000001E97C266000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#EncryptionPreventDefaultFromP
    Source: firefox.exe, 0000000D.00000003.1893252566.000001E97C266000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored
    Source: firefox.exe, 0000000D.00000003.1856401322.000001E97599E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1864938049.000001E97599E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1877630479.000001E9759A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
    Source: firefox.exe, 0000000D.00000003.1856401322.000001E97599E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1864938049.000001E97599E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1877630479.000001E9759A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
    Source: firefox.exe, 0000000D.00000003.1856401322.000001E97599E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1763518605.000001E975AA5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1864938049.000001E97599E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1765081819.000001E9759B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1877630479.000001E9759A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
    Source: firefox.exe, 0000000D.00000003.1865265263.000001E96F5CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1725936433.000001E96D577000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1725590945.000001E96D53C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1864206717.000001E96F5CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1725174664.000001E96D300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1725380291.000001E96D51F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1873256284.000001E96F5CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1725766227.000001E96D55A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
    Source: firefox.exe, 0000000D.00000003.1768063888.000001E96E66C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/y
    Source: firefox.exe, 0000000D.00000003.1727483949.000001E96BB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1728192081.000001E96BB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1727960361.000001E96BB1D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
    Source: firefox.exe, 0000000D.00000003.1727483949.000001E96BB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1728192081.000001E96BB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1727960361.000001E96BB1D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
    Source: firefox.exe, 0000000D.00000003.1893252566.000001E97C266000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/
    Source: firefox.exe, 00000010.00000002.2937957719.000001F4ECC12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2939360838.000002336B313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
    Source: firefox.exe, 0000000D.00000003.1780946547.000001E96F529000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1780915005.000001E96F52C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1769127644.000001E96F019000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1775048101.000001E96F02B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1775128137.000001E96F019000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
    Source: firefox.exe, 0000000D.00000003.1900081408.000001E97C1C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1894011035.000001E97C1C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com
    Source: firefox.exe, 0000000D.00000003.1910851902.000001E97C15F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/
    Source: firefox.exe, 0000000D.00000003.1910851902.000001E97C15F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1899860762.000001E97C1E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1893853417.000001E97C1E5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
    Source: firefox.exe, 0000000D.00000003.1894855988.000001E97704F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
    Source: firefox.exe, 00000010.00000002.2937957719.000001F4ECC12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2939360838.000002336B313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
    Source: firefox.exe, 0000000D.00000003.1911724487.000001E975BA0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2937957719.000001F4ECCC6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2939360838.000002336B3C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
    Source: firefox.exe, 00000010.00000002.2937957719.000001F4ECCC6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2939360838.000002336B3C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
    Source: firefox.exe, 00000011.00000002.2939360838.000002336B330000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
    Source: firefox.exe, 0000000D.00000003.1911724487.000001E975BA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtabL
    Source: firefox.exe, 0000000D.00000003.1911724487.000001E975BA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtabC
    Source: firefox.exe, 0000000D.00000003.1911724487.000001E975BA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtabA
    Source: firefox.exe, 0000000D.00000003.1911724487.000001E975BA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtabE
    Source: firefox.exe, 0000000D.00000003.1911724487.000001E975BA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtabG
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
    Source: firefox.exe, 0000000D.00000003.1915588792.000001E97BB4B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1894745354.000001E97C0AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
    Source: firefox.exe, 0000000D.00000003.1915202224.000001E97BBB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/captive-portal
    Source: firefox.exe, 0000000D.00000003.1894011035.000001E97C1C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
    Source: firefox.exe, 0000000D.00000003.1893252566.000001E97C266000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaPlatformDecoderNotFound
    Source: firefox.exe, 0000000D.00000003.1893252566.000001E97C266000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaWMFNeeded
    Source: firefox.exe, 0000000D.00000003.1863446571.000001E97028E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
    Source: firefox.exe, 0000000D.00000003.1918820370.000001E970DAE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2
    Source: firefox.exe, 0000000D.00000003.1894011035.000001E97C1C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
    Source: firefox.exe, 0000000D.00000003.1856401322.000001E97599E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1763518605.000001E975AA5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1864938049.000001E97599E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1877630479.000001E9759A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-typeof-operator
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
    Source: firefox.exe, 0000000D.00000003.1893252566.000001E97C25E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1893252566.000001E97C266000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
    Source: firefox.exe, 0000000D.00000003.1893252566.000001E97C264000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1893252566.000001E97C25E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1893252566.000001E97C266000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
    Source: firefox.exe, 0000000D.00000003.1893252566.000001E97C25E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
    Source: firefox.exe, 0000000D.00000003.1893252566.000001E97C264000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
    Source: firefox.exe, 0000000D.00000003.1894855988.000001E97704F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.com/
    Source: firefox.exe, 0000000D.00000003.1892205557.000001E97C768000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1911724487.000001E975BF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1916272304.000001E975BF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
    Source: firefox.exe, 0000000D.00000003.1910647239.0000160CC0D03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/Z
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
    Source: firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
    Source: firefox.exe, 0000000D.00000003.1916893166.000001E975A68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://weibo.com/
    Source: firefox.exe, 0000000D.00000003.1856401322.000001E97599E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1763518605.000001E975AA5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1864938049.000001E97599E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1765081819.000001E9759B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1877630479.000001E9759A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
    Source: firefox.exe, 0000000D.00000003.1768063888.000001E96E66C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.aliexpress.com/
    Source: firefox.exe, 0000000D.00000003.1768063888.000001E96E66C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.co.uk/
    Source: firefox.exe, 0000000D.00000003.1912108001.000001E975B82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1916272304.000001E975BF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/
    Source: firefox.exe, 0000000F.00000002.2938962998.000001B4669CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2937957719.000001F4ECCE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2942330651.000002336B504000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
    Source: firefox.exe, 0000000D.00000003.1910647239.0000160CC0D03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/Z
    Source: firefox.exe, 0000000D.00000003.1865265263.000001E96F5CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1725936433.000001E96D577000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1725590945.000001E96D53C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1864206717.000001E96F5CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1725174664.000001E96D300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1725380291.000001E96D51F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1873256284.000001E96F5CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1725766227.000001E96D55A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
    Source: firefox.exe, 0000000D.00000003.1803093532.000001E96D124000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.13.drString found in binary or memory: https://www.digicert.com/CPS0
    Source: firefox.exe, 0000000F.00000002.2938962998.000001B4669CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2937957719.000001F4ECCE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2942330651.000002336B504000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
    Source: firefox.exe, 0000000D.00000003.1916893166.000001E975A68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
    Source: firefox.exe, 0000000D.00000003.1916538375.000001E975ADA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/
    Source: firefox.exe, 0000000D.00000003.1766869709.000001E96EBAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1768063888.000001E96E66C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1765496643.000001E96EC5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search
    Source: firefox.exe, 0000000D.00000003.1768063888.000001E96E66C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search()
    Source: firefox.exe, 0000000D.00000003.1725936433.000001E96D577000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1725590945.000001E96D53C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1725174664.000001E96D300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1725380291.000001E96D51F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1725766227.000001E96D55A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
    Source: firefox.exe, 0000000D.00000003.1865265263.000001E96F5CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1725936433.000001E96D577000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1725590945.000001E96D53C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1864206717.000001E96F5CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1725174664.000001E96D300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1725380291.000001E96D51F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1873256284.000001E96F5CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1725766227.000001E96D55A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
    Source: firefox.exe, 0000000D.00000003.1899041057.000001E97C751000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
    Source: firefox.exe, 0000000D.00000003.1768063888.000001E96E66C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.leboncoin.fr/
    Source: firefox.exe, 0000000D.00000003.1894855988.000001E97704F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
    Source: firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
    Source: firefox.exe, 0000000D.00000003.1894011035.000001E97C1C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
    Source: firefox.exe, 0000000D.00000003.1780946547.000001E96F529000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1780915005.000001E96F52C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1769127644.000001E96F019000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1775048101.000001E96F02B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1775128137.000001E96F019000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
    Source: firefox.exe, 0000000D.00000003.1915516027.000001E97BB74000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/anything/?
    Source: firefox.exe, 0000000D.00000003.1894011035.000001E97C1C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
    Source: firefox.exe, 0000000D.00000003.1910851902.000001E97C126000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1911038633.000033AA5B603000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1910851902.000001E97C15F000.00000004.00000800.00020000.00000000.sdmp, targeting.snapshot.json.tmp.13.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
    Source: firefox.exe, 0000000D.00000003.1900081408.000001E97C1C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1894011035.000001E97C1C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
    Source: firefox.exe, 0000000D.00000003.1911038633.000033AA5B603000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Z
    Source: firefox.exe, 0000000D.00000003.1894011035.000001E97C1C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
    Source: firefox.exe, 00000010.00000002.2937957719.000001F4ECCCE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2939360838.000002336B3F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
    Source: firefox.exe, 0000000D.00000003.1911724487.000001E975BA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-contentP
    Source: firefox.exe, 0000000F.00000002.2938962998.000001B4669CA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/&
    Source: firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 0000000D.00000003.1911724487.000001E975BA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/V
    Source: firefox.exe, 0000000D.00000003.1900081408.000001E97C1C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1894011035.000001E97C1C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
    Source: firefox.exe, 0000000D.00000003.1918820370.000001E970D87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com
    Source: firefox.exe, 0000000D.00000003.1916893166.000001E975A68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.olx.pl/
    Source: firefox.exe, 0000000D.00000003.1912108001.000001E975B82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1916272304.000001E975BF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
    Source: firefox.exe, 0000000D.00000003.1910647239.0000160CC0D03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/Z
    Source: firefox.exe, 0000000D.00000003.1910755158.00003E52D8A03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tiktok.com/
    Source: firefox.exe, 0000000D.00000003.1912108001.000001E975B82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1916272304.000001E975BF6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1898676255.000001E97C7B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2937957719.000001F4ECC0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2939360838.000002336B30C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: firefox.exe, 0000000D.00000003.1910647239.0000160CC0D03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/Z
    Source: firefox.exe, 0000000D.00000003.1916893166.000001E975A68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zhihu.com/
    Source: firefox.exe, 0000000D.00000003.1893252566.000001E97C266000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning
    Source: firefox.exe, 0000000D.00000003.1918820370.000001E970D9A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/
    Source: recovery.jsonlz4.tmp.13.drString found in binary or memory: https://youtube.com/account?=
    Source: firefox.exe, 00000011.00000002.2938961321.000002336B290000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/sig
    Source: firefox.exe, 00000011.00000002.2937647293.000002336B06A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challengW
    Source: firefox.exe, 0000000D.00000003.1899041057.000001E97C751000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2941632074.000001B466A84000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2937956750.000001B46665A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2937956750.000001B466650000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2941457939.000001F4ECD74000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2936667950.000001F4ECA8A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2937647293.000002336B06A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2938961321.000002336B294000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 0000000B.00000002.1706507225.00000159EA8EA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.1722225327.000001CDCC197000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
    Source: firefox.exe, 00000011.00000002.2937647293.000002336B060000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd/
    Source: firefox.exe, 00000011.00000002.2937647293.000002336B06A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd;
    Source: firefox.exe, 0000000F.00000002.2941632074.000001B466A84000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2937956750.000001B466650000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2941457939.000001F4ECD74000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2936667950.000001F4ECA80000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2937647293.000002336B060000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2938961321.000002336B294000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_RE
    Source: firefox.exe, 00000010.00000002.2936667950.000001F4ECA80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdn
    Source: firefox.exe, 00000010.00000002.2936667950.000001F4ECA8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdz
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002EEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_002EEAFF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002EED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_002EED6A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002DAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,0_2_002DAA57
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00309576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_00309576

    System Summary

    Source: file.exeString found in binary or memory: This is a third-party compiled AutoIt script.
    Source: file.exe, 00000000.00000000.1670087949.0000000000332000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_28550025-4
    Source: file.exe, 00000000.00000000.1670087949.0000000000332000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_d1b7895d-f
    Source: file.exeString found in binary or memory: This is a third-party compiled AutoIt script.memstr_6d3a9668-0
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_000001F4ECD53EF7 NtQuerySystemInformation,16_2_000001F4ECD53EF7
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_000001F4ED2247F2 NtQuerySystemInformation,16_2_000001F4ED2247F2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002DD5EB: CreateFileW,DeviceIoControl,CloseHandle,0_2_002DD5EB
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002D1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_002D1201
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002DE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_002DE8F6
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 0028F9F2 appears 31 times
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 00290A30 appears 46 times
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: classification engineClassification label: mal72.troj.evad.winEXE@34/38@69/13
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002E37B5 GetLastError,FormatMessageW,0_2_002E37B5
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002D10BF AdjustTokenPrivileges,CloseHandle,0_2_002D10BF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002D16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_002D16C3
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002E51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_002E51CD
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002DD4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_002DD4DC
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002E648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,0_2_002E648E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002742A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_002742A2
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2132:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:824:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6460:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5180:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2120:120:WilError_03
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Temp\firefox
    Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
    Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: firefox.exe, 0000000D.00000003.1910851902.000001E97C15F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
    Source: firefox.exe, 0000000D.00000003.1910851902.000001E97C15F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
    Source: firefox.exe, 0000000D.00000003.1910851902.000001E97C15F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
    Source: firefox.exe, 0000000D.00000003.1910851902.000001E97C15F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
    Source: firefox.exe, 0000000D.00000003.1899860762.000001E97C1E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1893853417.000001E97C1E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1900081408.000001E97C1A6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;
    Source: firefox.exe, 0000000D.00000003.1910851902.000001E97C15F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
    Source: firefox.exe, 0000000D.00000003.1910851902.000001E97C15F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
    Source: firefox.exe, 0000000D.00000003.1910851902.000001E97C15F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;9'
    Source: firefox.exe, 0000000D.00000003.1910851902.000001E97C15F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;9
    Source: firefox.exe, 0000000D.00000003.1910851902.000001E97C15F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
    Source: file.exeReversingLabs: Detection: 47%
    Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
    Source: unknownProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2300 -parentBuildID 20230927232528 -prefsHandle 2244 -prefMapHandle 2236 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {96ad0d25-fff4-4df5-b334-a88dfabb4a43} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 1e95da6f910 socket
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3968 -parentBuildID 20230927232528 -prefsHandle 3752 -prefMapHandle 4000 -prefsLen 26208 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {645c5d58-8114-49d1-b3ad-07482cd82946} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 1e95da7ce10 rdd
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3244 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 1544 -prefMapHandle 1540 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8dfb5d83-e596-439a-8166-f719251ef78f} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 1e97c2dd510 utility
    Source: C:\Users\user\Desktop\file.exeSection loaded: wsock32.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: version.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: wininet.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: Binary string: webauthn.pdb source: firefox.exe, 0000000D.00000003.1800735330.000001E97CAA5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.13.dr
    Source: Binary string: ktmw32.pdb source: firefox.exe, 0000000D.00000003.1804577414.000001E96D111000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1849592142.000001E96D111000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdb source: firefox.exe, 0000000D.00000003.1853619671.000001E96D138000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdb source: firefox.exe, 0000000D.00000003.1853797527.000001E96D138000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.13.dr
    Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 0000000D.00000003.1800735330.000001E97CAA5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 0000000D.00000003.1853619671.000001E96D138000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: ktmw32.pdbGCTL source: firefox.exe, 0000000D.00000003.1804577414.000001E96D111000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1849592142.000001E96D111000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdbUGP source: firefox.exe, 0000000D.00000003.1853797527.000001E96D138000.00000004.00000020.00020000.00000000.sdmp
    Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002742DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_002742DE
    Source: gmpopenh264.dll.tmp.13.drStatic PE information: section name: .rodata
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00290A76 push ecx; ret 0_2_00290A89
    Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmpJump to dropped file
    Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)Jump to dropped file
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0028F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_0028F98E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00301C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00301C41
    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\file.exeSandbox detection routine: GetForegroundWindow, DecisionNode, Sleepgraph_0-94910
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_000001F4ECD53EF7 rdtsc 16_2_000001F4ECD53EF7
    Source: C:\Users\user\Desktop\file.exeAPI coverage: 3.6 %
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002DDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_002DDBBE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002E68EE FindFirstFileW,FindClose,0_2_002E68EE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002E698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_002E698F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002DD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_002DD076
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002DD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_002DD3A9
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002E9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_002E9642
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002E979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_002E979D
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002E9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_002E9B2B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002E5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_002E5C97
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002742DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_002742DE
    Source: firefox.exe, 0000000F.00000002.2942727762.000001B466C00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW+"
    Source: firefox.exe, 00000010.00000002.2936667950.000001F4ECA8A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@t*
    Source: firefox.exe, 0000000F.00000002.2937956750.000001B46665A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2942727762.000001B466C00000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2942333864.000001F4ED2A0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2937647293.000002336B06A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2942139384.000002336B400000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: firefox.exe, 0000000F.00000002.2942058809.000001B466B15000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
    Source: firefox.exe, 0000000F.00000002.2942727762.000001B466C00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllO-
    Source: firefox.exe, 0000000F.00000002.2942727762.000001B466C00000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2942333864.000001F4ED2A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: firefox.exe, 00000010.00000002.2942333864.000001F4ED2A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll$
    Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_000001F4ECD53EF7 rdtsc 16_2_000001F4ECD53EF7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002EEAA2 BlockInput,0_2_002EEAA2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002A2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_002A2622
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002742DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_002742DE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00294CE8 mov eax, dword ptr fs:[00000030h]0_2_00294CE8
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002D0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_002D0B62
    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002A2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_002A2622
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0029083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0029083F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002909D5 SetUnhandledExceptionFilter,0_2_002909D5
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00290C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00290C21
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002D1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_002D1201
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002B2BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_002B2BA5
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002DB226 SendInput,keybd_event,0_2_002DB226
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002F22DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_002F22DA
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /TJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /TJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /TJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /TJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /TJump to behavior
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002D0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_002D0B62
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002D1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_002D1663
    Source: file.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
    Source: file.exeBinary or memory string: Shell_TrayWnd
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00290698 cpuid 0_2_00290698
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002E8195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_002E8195
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002CD27A GetUserNameW,0_2_002CD27A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002ABB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,0_2_002ABB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002742DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_002742DE

    Stealing of Sensitive Information

    Source: Yara matchFile source: Process Memory Space: file.exe PID: 6276, type: MEMORYSTR
    Source: file.exeBinary or memory string: WIN_81
    Source: file.exeBinary or memory string: WIN_XP
    Source: file.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
    Source: file.exeBinary or memory string: WIN_XPe
    Source: file.exeBinary or memory string: WIN_VISTA
    Source: file.exeBinary or memory string: WIN_7
    Source: file.exeBinary or memory string: WIN_8

    Remote Access Functionality

    Source: Yara matchFile source: Process Memory Space: file.exe PID: 6276, type: MEMORYSTR
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002F1204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_002F1204
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002F1806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_002F1806
    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
    Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 2 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
    Credentials | Domains | Default Accounts | 1 Native API | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 21 Input Capture | 12 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 1 DLL Side-Loading | NTDS | 16 System Information Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction
    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 Extra Window Memory Injection | LSA Secrets | 131 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 2 Process Injection | 1 Masquerading | Cached Domain Credentials | 1 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Valid Accounts | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
    Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
    Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
    IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 2 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
    Behavior Graph ID: 1544138, Sample: file.exe, Startdate: 28/10/2024, Architecture: WINDOWS, Score: 72 (graph image not preserved)

    Source | Detection | Scanner | Label | Link
    file.exe | 47% | ReversingLabs | Win32.Trojan.CredentialFlusher |
    file.exe | 100% | Joe Sandbox ML | |
    Source | Detection | Scanner | Label | Link
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | |
    No Antivirus matches
    No Antivirus matches
    Source | Detection | Scanner | Label | Link
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                            unknown
                                                                                            https://bugzilla.mofirefox.exe, 0000000D.00000003.1915202224.000001E97BBB9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            unknown
                                                                                            https://mitmdetection.services.mozilla.com/firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            unknown
                                                                                            https://amazon.comfirefox.exe, 0000000D.00000003.1910647239.0000160CC0D03000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              unknown
                                                                                              https://youtube.com/account?=recovery.jsonlz4.tmp.13.drfalse
                                                                                                unknown
                                                                                                https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapturefirefox.exe, 0000000D.00000003.1893252566.000001E97C266000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1893252566.000001E97C27A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                unknown
                                                                                                https://spocs.getpocket.com/firefox.exe, 00000010.00000002.2937957719.000001F4ECC12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2939360838.000002336B313000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                unknown
                                                                                                https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                unknown
                                                                                                https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                unknown
                                                                                                https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                unknown
                                                                                                https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                  unknown
                                                                                                  https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://www.amazon.com/Zfirefox.exe, 0000000D.00000003.1910647239.0000160CC0D03000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    unknown
                                                                                                    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    unknown
                                                                                                    https://addons.mozilla.org/firefox.exe, 0000000D.00000003.1894855988.000001E97704F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      unknown
                                                                                                      https://bugzilla.mozilla.org/show_bug.cgi?id=1584464firefox.exe, 0000000D.00000003.1763790844.000001E975A76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1916893166.000001E975A76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1768063888.000001E96E66C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      https://monitor.firefox.com/user/dashboardfirefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      https://bugzilla.mozilla.org/show_bug.cgi?id=1170143firefox.exe, 0000000D.00000003.1788693428.000001E96E09B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      https://monitor.firefox.com/aboutfirefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      http://mozilla.org/MPL/2.0/.firefox.exe, 0000000D.00000003.1865265263.000001E96F57A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1732071879.000001E96DACD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1917626351.000001E975A36000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1920442104.000001E970D22000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1913474619.000001E96F573000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1871249998.000001E96FD64000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1864938049.000001E9759F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1785214145.000001E96FD60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1856401322.000001E975978000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1727266477.000001E96D568000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1732071879.000001E96DAF6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1865265263.000001E96F56C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1732071879.000001E96DABD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1919824526.000001E970D50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1856180671.000001E96FD60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1912382983.000001E975B3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1905832707.000001E96D507000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1850621985.000001E96F33C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
0000000D.00000003.1919973553.000001E970D3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1764205353.000001E96FBCD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1918820370.000001E970DAE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        unknown
                                                                                                        https://account.bellmedia.cfirefox.exe, 0000000D.00000003.1918820370.000001E970D87000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        https://login.microsoftonline.comfirefox.exe, 0000000D.00000003.1918820370.000001E970D87000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        https://coverage.mozilla.orgfirefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        http://crl.thawte.com/ThawteTimestampingCA.crl0gmpopenh264.dll.tmp.13.drfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        https://www.zhihu.com/firefox.exe, 0000000D.00000003.1916893166.000001E975A68000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        https://infra.spec.whatwg.org/#ascii-whitespacefirefox.exe, 0000000D.00000003.1856401322.000001E97599E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1763518605.000001E975AA5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1864938049.000001E97599E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1877630479.000001E9759A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        https://blocked.cdn.mozilla.net/firefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnoredfirefox.exe, 0000000D.00000003.1893252566.000001E97C266000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        https://json-schema.org/draft/2019-09/schemafirefox.exe, 0000000D.00000003.1768063888.000001E96E66C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1916893166.000001E975A83000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        http://developer.mozilla.org/en/docs/DOM:element.addEventListenerfirefox.exe, 0000000D.00000003.1893252566.000001E97C266000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        https://profiler.firefox.comfirefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        https://outlook.live.com/default.aspx?rru=compose&to=%sfirefox.exe, 0000000D.00000003.1727483949.000001E96BB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1728192081.000001E96BB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1727960361.000001E96BB1D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        https://bugzilla.mozilla.org/show_bug.cgi?id=793869firefox.exe, 0000000D.00000003.1788693428.000001E96E09B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        https://mozilla.cloudflare-dns.com/dns-queryfirefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2firefox.exe, 0000000D.00000003.1918820370.000001E970DAE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        https://bugzilla.mozilla.org/show_bug.cgi?id=1678448firefox.exe, 0000000D.00000003.1788693428.000001E96E09B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788240095.000001E96E039000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788853476.000001E96E0A9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        https://mail.yahoo.co.jp/compose/?To=%sfirefox.exe, 0000000D.00000003.1727483949.000001E96BB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1728192081.000001E96BB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1727960361.000001E96BB1D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          unknown
                                                                                                          https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/firefox.exe, 0000000D.00000003.1915516027.000001E97BB74000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            unknown
                                                                                                            https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpgfirefox.exe, 0000000F.00000002.2938962998.000001B4669CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2937957719.000001F4ECCE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2942330651.000002336B504000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://contile.services.mozilla.com/v1/tilesfirefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://www.amazon.co.uk/firefox.exe, 0000000D.00000003.1768063888.000001E96E66C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              unknown
                                                                                                              https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/firefox.exe, 0000000D.00000003.1910851902.000001E97C15F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1899860762.000001E97C1E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1893853417.000001E97C1E5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              https://monitor.firefox.com/user/preferencesfirefox.exe, 0000000F.00000002.2938586803.000001B466790000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2942013837.000001F4ED1E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2938850231.000002336B230000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              https://screenshots.firefox.com/firefox.exe, 0000000D.00000003.1725766227.000001E96D55A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1544138
Start date and time: 2024-10-28 22:11:07 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 54s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 22
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal72.troj.evad.winEXE@34/38@69/13
EGA Information:
• Successful, ratio: 40%
HCA Information:
• Successful, ratio: 94%
• Number of executed functions: 38
• Number of non-executed functions: 316
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 34.211.181.209, 52.32.18.233, 34.218.156.47, 2.22.61.59, 2.22.61.56, 142.250.186.174, 142.250.186.138, 172.217.18.10
• Excluded domains from analysis (whitelisted): fs.microsoft.com, shavar.prod.mozaws.net, ciscobinary.openh264.org, slscr.update.microsoft.com, otelrules.azureedge.net, incoming.telemetry.mozilla.org, ctldl.windowsupdate.com, a17.rackcdn.com.mdc.edgesuite.net, detectportal.prod.mozaws.net, aus5.mozilla.org, fe3cr.delivery.mp.microsoft.com, a19.dscg10.akamai.net, ocsp.digicert.com, redirector.gvt1.com, safebrowsing.googleapis.com, location.services.mozilla.com
• Execution Graph export aborted for target firefox.exe, PID 2756 because there are no executed function
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• VT rate limit hit for: file.exe
Time      Type             Description
17:12:09  API Interceptor  1x Sleep call for process: firefox.exe modified
                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                          • 104.244.42.129
                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                          • 104.244.42.1
                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                          • 104.244.42.65
                                                                                                                                                                                          star-mini.c10r.facebook.comElectronic_Receipt_ATT0001.virus.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 157.240.251.35
                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                          • 157.240.253.35
                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                          • 157.240.252.35
                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                          • 157.240.253.35
                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                          • 157.240.0.35
                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                          • 157.240.251.35
                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                          • 157.240.251.35
                                                                                                                                                                                          https://link.edgepilot.com/s/b064b0de/7_W48d8I8kGlXhrfD-hDUg?u=https://delivmodas.ks.infinitoag.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 157.240.0.35
                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                          • 157.240.253.35
                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                          • 157.240.253.35
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                          • 142.250.115.100
                                                                                                                                                                                          • 35.244.181.201
                                                                                                                                                                                          • 151.101.193.91
                                                                                                                                                                                          • 34.149.100.209
                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                          • 34.120.208.123
                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                          • 142.250.115.100
                                                                                                                                                                                          • 35.244.181.201
                                                                                                                                                                                          • 151.101.193.91
                                                                                                                                                                                          • 34.149.100.209
                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                          • 34.120.208.123
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):7813
                                                                                                                                                                                                              Entropy (8bit):5.1773788785480646
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:+jMXfr8cbhbVbTbfbRbObtbyEl7n4NXJA6WnSrDtTUd/SkDr9:+YYcNhnzFSJYN+BnSrDhUd/H
                                                                                                                                                                                                              MD5:4C8403E64FADB130617E171A94B74756
                                                                                                                                                                                                              SHA1:0A7487218FEC38A7111AA65B82B60A3236BE8368
                                                                                                                                                                                                              SHA-256:35E387AEC7EAF1784E6522BD4371F362676DE2CE6AF23BFCAD5B3D93FA2C12C8
                                                                                                                                                                                                              SHA-512:918F77DF0AC25F07BB6A4AC66832F6DB0C705CC281B3C6E1E68E77A1A4E3A788DE009FB4AA54ABA2ED2E9DAA33CC6DAA54D3A6B8A6ED73E6F4CC18F45F43A112
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:{"type":"uninstall","id":"79add623-0739-4feb-ac08-7bbd640abcf2","creationDate":"2024-10-28T22:50:51.558Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"65e71c9e-6ac3-4903-9066-b134350de32c","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                              File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):32768
                                                                                                                                                                                                              Entropy (8bit):0.4593089050301797
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                                                                                                                                                                              MD5:D910AD167F0217587501FDCDB33CC544
                                                                                                                                                                                                              SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                                                                                                                                                              SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                                                                                                                                                              SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):453023
                                                                                                                                                                                                              Entropy (8bit):7.997718157581587
                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                              SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                                                                                                                                                                              MD5:85430BAED3398695717B0263807CF97C
                                                                                                                                                                                                              SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                                                                                                                                                                              SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                                                                                                                                                                              SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3621
                                                                                                                                                                                                              Entropy (8bit):4.925044253294151
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:8S+OfJQPUFpOdwNIOdYVjvYcXaNLORti38P:8S+OBIUjOdwiOdYVjjwLoi8P
                                                                                                                                                                                                              MD5:9E90A4E305E74F70628D698BB500AD95
                                                                                                                                                                                                              SHA1:34B6E4D6D278FD3855EF7946A4CE8428528969FF
                                                                                                                                                                                                              SHA-256:D687037537FB30AFB6ED6643CDBFB9BC571F6AB75CF88138A744A814025806A1
                                                                                                                                                                                                              SHA-512:47F1CC53F174C4C7293D607D60DB2A804DB6BA967762440ED421DEEB356B39521CEE29858FE6EB35C1F76E853C51FD9433B5FD944985604B795C652FE22BBC36
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"c5d95379-f4ee-4629-a507-6f15a0e93cd4","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-03T11:50:29.548Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr
                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                              File Type:Mozilla lz4 compressed data, originally 27954 bytes
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):6075
                                                                                                                                                                                                              Entropy (8bit):6.623258976790648
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:J2YbKsKNU2xWrp327tGmD4wBON6hCY9rI7hlJwgJVLd+MYE0pG+ml1j2+:JTx2x2t0FDJ4NF6ILPd+Md0k+uj
                                                                                                                                                                                                              MD5:0EE1DEA50353EF72B3983D45C0F79672
                                                                                                                                                                                                              SHA1:83A858B3793BD9B1C35A954FA71582F557DDAB01
                                                                                                                                                                                                              SHA-256:76D8DD378010DD3158633286B32FCEE00A63EA8E85EAF2E60A8B8B1F6FD32C87
                                                                                                                                                                                                              SHA-512:D08B7A1C9EBF2C277662EA7314B371EE114153AE8CA840100D9EA053210BD20188CE591CA247C7E541590C6AAD925AD10F84F1AA025ACB2F01BC37B1DBC57EBD
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:mozLz40.2m....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):24
                                                                                                                                                                                                              Entropy (8bit):3.91829583405449
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                              MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                              SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                              SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                              SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                              File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 5, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 5
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):262144
                                                                                                                                                                                                              Entropy (8bit):0.04905391753567332
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:DLivwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:D6wae+QtMImelekKDa5
                                                                                                                                                                                                              MD5:DD9D28E87ED57D16E65B14501B4E54D1
                                                                                                                                                                                                              SHA1:793839B47326441BE2D1336BA9A61C9B948C578D
                                                                                                                                                                                                              SHA-256:BB4E6C58C50BD6399ED70468C02B584595C29F010B66F864CD4D6B427FA365BC
                                                                                                                                                                                                              SHA-512:A2626F6A3CBADE62E38DA5987729D99830D0C6AA134D4A9E615026A5F18ACBB11A2C3C80917DAD76DA90ED5BAA9B0454D4A3C2DD04436735E78C974BA1D035B1
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                              File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):66
                                                                                                                                                                                                              Entropy (8bit):4.837595020998689
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                              MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                              SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                              SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                              SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):36830
                                                                                                                                                                                                              Entropy (8bit):5.185924656884556
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:wI43DvfWXf4E6C4p4EC4Y4QfEWvM4B4QS4z4444XQ4U:wUfdvk
                                                                                                                                                                                                              MD5:5656BA69BD2966108A461AAE35F60226
                                                                                                                                                                                                              SHA1:9C2E5AE52D82CEA43C4A5FFF205A7700CF54D61C
                                                                                                                                                                                                              SHA-256:587596712960B26EAC18CB354CCD633FFDB218E374A9D59EFEA843914D7AB299
                                                                                                                                                                                                              SHA-512:38F715AD9156558B5D57CA2E75FB0FFE0C5C6728BD94484B8F15E090120DDD02DCE42DBC9CC7143AD6552460A5F3A40E577FAF1D76D5D40B25CDBE636F250054
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{60024e8e-cfd0-41e5-965d-7128c7dcf0e8}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):32768
                                                                                                                                                                                                              Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                              MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                              SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                              SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                              SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1021904
                                                                                                                                                                                                              Entropy (8bit):6.648417932394748
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                                                                                                                                              MD5:FE3355639648C417E8307C6D051E3E37
                                                                                                                                                                                                              SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                                                                                                                                              SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                                                                                                                                              SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Joe Sandbox View:
                                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1021904
                                                                                                                                                                                                              Entropy (8bit):6.648417932394748
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                                                                                                                                              MD5:FE3355639648C417E8307C6D051E3E37
                                                                                                                                                                                                              SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                                                                                                                                              SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                                                                                                                                              SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):116
                                                                                                                                                                                                              Entropy (8bit):4.968220104601006
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                              MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                              SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                              SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                              SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):116
                                                                                                                                                                                                              Entropy (8bit):4.968220104601006
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                              MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                              SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                              SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                              SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                              File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):98304
                                                                                                                                                                                                              Entropy (8bit):0.07338695179673393
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:DBl/A0OWla0mwPxRymgObsCVR45wcYR4fmnsCVR4zkii:DLhesh7Owd4+ji
                                                                                                                                                                                                              MD5:DE5D18165B936F4A50EDA921B0E8EF31
                                                                                                                                                                                                              SHA1:7676F0F726D190EE12117D488F7B5184FF470270
                                                                                                                                                                                                              SHA-256:D836431251AB37418FD161E02307BCEEFA15B7D23AE1C76B639FF1D4E17105B7
                                                                                                                                                                                                              SHA-512:23FD26DDE8466A4E6189B012E978D45C9F9C890F9FA0DE2D15E7D84A12F0F52A6255B9023533BA22A03D24658ED7ACB848A06BE4EFFBD1C38E752D340C497B51
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):32768
                                                                                                                                                                                                              Entropy (8bit):0.03498270141093542
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:GtlstF7Df4slSyv8yi4/tlstF7Df4slSyv8y6Z89//alEl:GtWtFlS8LT/tWtFlS8LU89XuM
                                                                                                                                                                                                              MD5:A9FA486D2729F6E13B920C6BE1D41BCA
                                                                                                                                                                                                              SHA1:3D930CDB170143CA3D3F3A20E40074C8B22E9720
                                                                                                                                                                                                              SHA-256:63CFA18C55CD4862E7396B00F07C9BA64023D516361F25E2055D2280BA9CFD8A
                                                                                                                                                                                                              SHA-512:7BF863012F5A071A363EF615FF0E62CEB5144E5F6D77C25ECD8D355C976B51D2C1BAFDABC019D449F7576DE3242B1FB094D7C7E556E452A4D95739152547B9E8
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                              File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):32824
                                                                                                                                                                                                              Entropy (8bit):0.03960519597504261
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:Ol1R7yZ/P0iZFfeei57l8rEXsxdwhml8XW3R2:KT2/7eZll8dMhm93w
                                                                                                                                                                                                              MD5:591CE96DEDBAD053970728455433A3EA
                                                                                                                                                                                                              SHA1:FAEFD8E9E801A6D2C80193377FF1080F6B656283
                                                                                                                                                                                                              SHA-256:AFB8809DD647C69B83C33C0690547DE5AF02FB51C9A1FD46AD820E4731191601
                                                                                                                                                                                                              SHA-512:E46C05A7186505E963AD45BD6EBC9E61A007CC3E1307766FB3BEA381E104F4C932004D3EF2094E8A4107A557DACF9FB2917896530ED81FC01B2EEA57C7302B02
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                              File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):13254
                                                                                                                                                                                                              Entropy (8bit):5.494297305521628
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:PnaRtLYbBp6Vhj4qyaaX96KyqNId5RfGNBw8diSl:6eHqDFmscwZ0
                                                                                                                                                                                                              MD5:F3BE6332E461B49DE14476A65DC3E72F
                                                                                                                                                                                                              SHA1:AF236EF842E7782570F4150D2C09E3287FB64926
                                                                                                                                                                                                              SHA-256:BEBA04060F9C1435D2F5ED8A2719B4E406E20B6B833AB0DBE796A7B46209342C
                                                                                                                                                                                                              SHA-512:C392F0090F0B1A35075D1817DDBE4C4EB932259517DDD6E308A86A983A9A3790B572D0B7E7146F42176A17B4EE63ECDCE78ED0568E3438ED2242E9E94D958412
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1730155822);..user_pref("app.update.lastUpdateTime.background-update-timer", 1730155822);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1730155822);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173015
                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                              File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 5, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):65536
                                                                                                                                                                                                              Entropy (8bit):0.04062825861060003
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:6:ltBl/l4/WN1h4BEJYqWvLue3FMOrMZ0l:DBl/WuntfJiFxMZO
                                                                                                                                                                                                              MD5:18F65713B07CB441E6A98655B726D098
                                                                                                                                                                                                              SHA1:2CEFA32BC26B25BE81C411B60C9925CB0F1F8F88
                                                                                                                                                                                                              SHA-256:B6C268E48546B113551A5AF9CA86BB6A462A512DE6C9289315E125CEB0FD8621
                                                                                                                                                                                                              SHA-512:A6871076C7D7ED53B630F9F144ED04303AD54A2E60B94ECA2AA96964D1AB375EEFDCA86CE0D3EB0E9DBB81470C6BD159877125A080C95EB17E54A52427F805FB
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):493
                                                                                                                                                                                                              Entropy (8bit):4.979142469096491
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:YZFgJrhnJAx/THIVHlW8cOlZGV1AQIYzvZcyBuLZ2d:YmEx/THSlCOlZGV1AQIWZcy6Z2d
                                                                                                                                                                                                              MD5:17576457B5A3C4A39A0CE254A6997522
                                                                                                                                                                                                              SHA1:25F9332A0979AB22F91549F457C82918FE80D6E4
                                                                                                                                                                                                              SHA-256:09DD1BB963E63055B25660755F651EB4CAEC54D709E6AC55532037714A046B22
                                                                                                                                                                                                              SHA-512:DA1C432AB71B496222DD8C753D426E8CBED2BC8A4F960716DE44E6D84F4F89C5AC1D9592A90F411477250AEC32CE306179AB308D32D3044C5C2F0C64F2733C5A
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:{"type":"health","id":"4ff0b83d-6c02-489d-9591-f26b74654fd2","creationDate":"2024-10-28T22:50:52.194Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"65e71c9e-6ac3-4903-9066-b134350de32c"}
                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                              Category:modified
                                                                                                                                                                                                              Size (bytes):493
                                                                                                                                                                                                              Entropy (8bit):4.979142469096491
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:YZFgJrhnJAx/THIVHlW8cOlZGV1AQIYzvZcyBuLZ2d:YmEx/THSlCOlZGV1AQIWZcy6Z2d
                                                                                                                                                                                                              MD5:17576457B5A3C4A39A0CE254A6997522
                                                                                                                                                                                                              SHA1:25F9332A0979AB22F91549F457C82918FE80D6E4
                                                                                                                                                                                                              SHA-256:09DD1BB963E63055B25660755F651EB4CAEC54D709E6AC55532037714A046B22
                                                                                                                                                                                                              SHA-512:DA1C432AB71B496222DD8C753D426E8CBED2BC8A4F960716DE44E6D84F4F89C5AC1D9592A90F411477250AEC32CE306179AB308D32D3044C5C2F0C64F2733C5A
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:{"type":"health","id":"4ff0b83d-6c02-489d-9591-f26b74654fd2","creationDate":"2024-10-28T22:50:52.194Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"65e71c9e-6ac3-4903-9066-b134350de32c"}
                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):90
                                                                                                                                                                                                              Entropy (8bit):4.194538242412464
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                              MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                              SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                              SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                              SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                              File Type:Mozilla lz4 compressed data, originally 5862 bytes
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1604
                                                                                                                                                                                                              Entropy (8bit):6.357500310820304
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:vkSUGlcAxSq4WLXnIg7K/pnxQwRls6Zsp9BaGH3j6xiMFJtdL/5QH2oXpTurD/Ib:cpOxB4WOnRTZY9B9GxHH5kpTgwcR4
                                                                                                                                                                                                              MD5:3A8BEF924DD8470BCBF592A311075F0C
                                                                                                                                                                                                              SHA1:1FB36E464761D05FF8D7CBC0830D2145A4170FBF
                                                                                                                                                                                                              SHA-256:4F0A543E508AD79C26A9CEC193F0E32BEA00E3DD228FB59CF701469F00353FE3
                                                                                                                                                                                                              SHA-512:63C21104E15588560D31C573E4791C0976DECD3DBB7539DD38BE9A82A8D9DB790C93FADE3234D67A82AEDC9351902B2F668B1957DF80E5681CB96377C231F31E
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{6a25906d-61bc-45c5-b1a1-5665eda70244}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1730155826722,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1280,"height":1024,"screenX......Y..Aizem..."maximize......BeforeMin...&..workspace:...1a5ccf63-1000-409f-b5c1-afec7f75d4d9","zE..1...Wn..m........k..;....1":{..mUpdate...startTim..`791517...centCrash..B0},".....Dcook.. hod..."addons.mozilla.org","valu...A8bad2467092e6ddeb0dfa9e5ea54d86d26790ca7ba2ce88d10cb4604fe726755","path":"/","na..a"taarI|.Recure...,a.Donly..eexpiry....796942,"originA..
                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                              File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 6, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):4096
                                                                                                                                                                                                              Entropy (8bit):2.0836444556178684
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:JBwdh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jnEUo9LXtR+JdkOnohYsl
                                                                                                                                                                                                              MD5:8B40B1534FF0F4B533AF767EB5639A05
                                                                                                                                                                                                              SHA1:63EDB539EA39AD09D701A36B535C4C087AE08CC9
                                                                                                                                                                                                              SHA-256:AF275A19A5C2C682139266065D90C237282274D11C5619A121B7BDBDB252861B
                                                                                                                                                                                                              SHA-512:54AF707698CED33C206B1B193DA414D630901762E88E37E99885A50D4D5F8DDC28367C9B401DFE251CF0552B4FA446EE28F78A97C9096AFB0F2898BFBB673B53
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):4537
                                                                                                                                                                                                              Entropy (8bit):5.032699943078971
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:YrSAYWV6UQZpExB1+anOsW4Vh351VxWRzzc8eYMsku7f86SLAVL7if5FtsfAcbyk:ycWVyTEr5QFRzzcMvbw6KkCrrc2Rn27
                                                                                                                                                                                                              MD5:ED657A9556CBBF25575AED55FAD80106
                                                                                                                                                                                                              SHA1:4EB0EB50A4374E251911E108191ACB21F3C7E47D
                                                                                                                                                                                                              SHA-256:893779C6954DE35828BBD0DFD4F923437940DFB81AA33C19EAAE4AAB448783A8
                                                                                                                                                                                                              SHA-512:C27C063516777BED979DF183155C377EE5E723E144705986BA8A4B5E60214740FC045886CF01F263214A3E0422E5B2AB1031ED7DC3CC698D5C167994CBB470F9
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-10-28T22:50:09.039Z","profileAgeCreated":1696333826043,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):156
                                                                                                                                                                                                              Entropy (8bit):4.411137816108237
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:YGNDhK6c2us1pNGHfYL2HEYwgL2HEmxhHtifYYMgEYyibudJ8KgfHVEW1:YGNTG/I2XV2fEzLEJ8Kgf1Ew
                                                                                                                                                                                                              MD5:AAC5F6FC2FA4A5691A244B46164834FD
                                                                                                                                                                                                              SHA1:F011E46647F4C402B798C285DE982A6BB9EC73BF
                                                                                                                                                                                                              SHA-256:BE115879DA967E2C1213870515E049801E5950D1179325B99891869A40263BB0
                                                                                                                                                                                                              SHA-512:963486CF702B7623C20123B669F538ADBC51B996E67AB52EDE4635FF05034CA28A3926A98656CB5E8E9BB2C1FBAD338744B312B4673585FD9810AA6E36D343EC
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:{"chrome://browser/content/browser.xhtml":{"sidebar-box":{"sidebarcommand":"","style":""},"sidebar-title":{"value":""},"main-window":{"sizemode":"normal"}}}
                                                                                                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Entropy (8bit):6.584696472606576
                                                                                                                                                                                                              TrID:
                                                                                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                              File name:file.exe
                                                                                                                                                                                                              File size:919'552 bytes
                                                                                                                                                                                                              MD5:9516a10a1f5ab3f62d09659ac994246b
                                                                                                                                                                                                              SHA1:efd31c81e585603f89d6b069794eade8957d423e
                                                                                                                                                                                                              SHA256:84ecd88b245e58f57ca29cd44cd2bc94ce0bae7dff92ce9bd9bf9b97f91f4158
                                                                                                                                                                                                              SHA512:f4e9548c35c5317d2d32886685d0e4f0a35ddb3d290c269b6066bc8310e79fc9180b675b153ec5276a5873d0c61dca4ad03cb5f22a6e9872ae2730452111d670
                                                                                                                                                                                                              SSDEEP:12288:YqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga/Tl:YqDEvCTbMWu7rQYlBQcBiT6rprG8abl
                                                                                                                                                                                                              TLSH:C4159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
                                                                                                                                                                                                              File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                                                                                                                                                                              Icon Hash:aaf3e3e3938382a0
                                                                                                                                                                                                              Entrypoint:0x420577
                                                                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                                                                              Digitally signed:false
                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                                                              DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                              Time Stamp:0x671FFD95 [Mon Oct 28 21:09:41 2024 UTC]
                                                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                                                              OS Version Major:5
                                                                                                                                                                                                              OS Version Minor:1
                                                                                                                                                                                                              File Version Major:5
                                                                                                                                                                                                              File Version Minor:1
                                                                                                                                                                                                              Subsystem Version Major:5
                                                                                                                                                                                                              Subsystem Version Minor:1
                                                                                                                                                                                                              Import Hash:948cc502fe9226992dce9417f952fce3
                                                                                                                                                                                                              Instruction
                                                                                                                                                                                                              call 00007FDD58E337F3h
                                                                                                                                                                                                              jmp 00007FDD58E330FFh
                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                              mov ebp, esp
                                                                                                                                                                                                              push esi
                                                                                                                                                                                                              push dword ptr [ebp+08h]
                                                                                                                                                                                                              mov esi, ecx
                                                                                                                                                                                                              call 00007FDD58E332DDh
                                                                                                                                                                                                              mov dword ptr [esi], 0049FDF0h
                                                                                                                                                                                                              mov eax, esi
                                                                                                                                                                                                              pop esi
                                                                                                                                                                                                              pop ebp
                                                                                                                                                                                                              retn 0004h
                                                                                                                                                                                                              and dword ptr [ecx+04h], 00000000h
                                                                                                                                                                                                              mov eax, ecx
                                                                                                                                                                                                              and dword ptr [ecx+08h], 00000000h
                                                                                                                                                                                                              mov dword ptr [ecx+04h], 0049FDF8h
                                                                                                                                                                                                              mov dword ptr [ecx], 0049FDF0h
                                                                                                                                                                                                              ret
                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                              mov ebp, esp
                                                                                                                                                                                                              push esi
                                                                                                                                                                                                              push dword ptr [ebp+08h]
                                                                                                                                                                                                              mov esi, ecx
                                                                                                                                                                                                              call 00007FDD58E332AAh
                                                                                                                                                                                                              mov dword ptr [esi], 0049FE0Ch
                                                                                                                                                                                                              mov eax, esi
                                                                                                                                                                                                              pop esi
                                                                                                                                                                                                              pop ebp
                                                                                                                                                                                                              retn 0004h
                                                                                                                                                                                                              and dword ptr [ecx+04h], 00000000h
                                                                                                                                                                                                              mov eax, ecx
                                                                                                                                                                                                              and dword ptr [ecx+08h], 00000000h
                                                                                                                                                                                                              mov dword ptr [ecx+04h], 0049FE14h
                                                                                                                                                                                                              mov dword ptr [ecx], 0049FE0Ch
                                                                                                                                                                                                              ret
                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                              mov ebp, esp
                                                                                                                                                                                                              push esi
                                                                                                                                                                                                              mov esi, ecx
                                                                                                                                                                                                              lea eax, dword ptr [esi+04h]
                                                                                                                                                                                                              mov dword ptr [esi], 0049FDD0h
                                                                                                                                                                                                              and dword ptr [eax], 00000000h
                                                                                                                                                                                                              and dword ptr [eax+04h], 00000000h
                                                                                                                                                                                                              push eax
                                                                                                                                                                                                              mov eax, dword ptr [ebp+08h]
                                                                                                                                                                                                              add eax, 04h
                                                                                                                                                                                                              push eax
                                                                                                                                                                                                              call 00007FDD58E35E9Dh
                                                                                                                                                                                                              pop ecx
                                                                                                                                                                                                              pop ecx
                                                                                                                                                                                                              mov eax, esi
                                                                                                                                                                                                              pop esi
                                                                                                                                                                                                              pop ebp
                                                                                                                                                                                                              retn 0004h
                                                                                                                                                                                                              lea eax, dword ptr [ecx+04h]
                                                                                                                                                                                                              mov dword ptr [ecx], 0049FDD0h
                                                                                                                                                                                                              push eax
                                                                                                                                                                                                              call 00007FDD58E35EE8h
                                                                                                                                                                                                              pop ecx
                                                                                                                                                                                                              ret
                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                              mov ebp, esp
                                                                                                                                                                                                              push esi
                                                                                                                                                                                                              mov esi, ecx
                                                                                                                                                                                                              lea eax, dword ptr [esi+04h]
                                                                                                                                                                                                              mov dword ptr [esi], 0049FDD0h
                                                                                                                                                                                                              push eax
                                                                                                                                                                                                              call 00007FDD58E35ED1h
                                                                                                                                                                                                              test byte ptr [ebp+08h], 00000001h
                                                                                                                                                                                                              pop ecx
                                                                                                                                                                                                              Programming Language:
                                                                                                                                                                                                              • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                                                              • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x9c28 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xde000 | 0x7594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0x9c28 | 0x9e00 | e3b79951a424aba9f317c5cd640708a8 | False | 0.31561511075949367 | data | 5.3739751062932815 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xde000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc7b8 | 0xef0 | data |  |  | 1.0028765690376569
RT_GROUP_ICON | 0xdd6a8 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xdd720 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xdd734 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xdd748 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xdd75c | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0xdd838 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system | Country where language is spoken | Map
English | Great Britain |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                              Oct 28, 2024 22:12:08.558655024 CET49743443192.168.2.435.244.181.201
                                                                                                                                                                                                              Oct 28, 2024 22:12:08.558702946 CET4434974335.244.181.201192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:08.558820009 CET49743443192.168.2.435.244.181.201
                                                                                                                                                                                                              Oct 28, 2024 22:12:08.558975935 CET49743443192.168.2.435.244.181.201
                                                                                                                                                                                                              Oct 28, 2024 22:12:08.558990955 CET4434974335.244.181.201192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:08.723928928 CET4974480192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:12:08.729626894 CET804974434.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:08.730902910 CET4974480192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:12:08.731087923 CET4974480192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:12:08.736444950 CET804974434.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:08.803196907 CET44349739142.250.185.174192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:08.803340912 CET49739443192.168.2.4142.250.185.174
                                                                                                                                                                                                              Oct 28, 2024 22:12:08.803798914 CET44349739142.250.185.174192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:08.804435968 CET49739443192.168.2.4142.250.185.174
                                                                                                                                                                                                              Oct 28, 2024 22:12:08.807842970 CET49739443192.168.2.4142.250.185.174
                                                                                                                                                                                                              Oct 28, 2024 22:12:08.807857037 CET44349739142.250.185.174192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:08.807957888 CET49739443192.168.2.4142.250.185.174
                                                                                                                                                                                                              Oct 28, 2024 22:12:08.808070898 CET44349739142.250.185.174192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:08.809494972 CET49739443192.168.2.4142.250.185.174
                                                                                                                                                                                                              Oct 28, 2024 22:12:08.894812107 CET44349740142.250.185.174192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:08.895685911 CET44349740142.250.185.174192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:08.897186041 CET49740443192.168.2.4142.250.185.174
                                                                                                                                                                                                              Oct 28, 2024 22:12:08.897242069 CET44349740142.250.185.174192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:08.922478914 CET49740443192.168.2.4142.250.185.174
                                                                                                                                                                                                              Oct 28, 2024 22:12:08.922516108 CET44349740142.250.185.174192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:08.922646999 CET49740443192.168.2.4142.250.185.174
                                                                                                                                                                                                              Oct 28, 2024 22:12:08.922698021 CET44349740142.250.185.174192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:08.923171997 CET49745443192.168.2.4142.250.185.174
                                                                                                                                                                                                              Oct 28, 2024 22:12:08.923264027 CET44349745142.250.185.174192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:08.937649012 CET49740443192.168.2.4142.250.185.174
                                                                                                                                                                                                              Oct 28, 2024 22:12:08.937655926 CET49745443192.168.2.4142.250.185.174
                                                                                                                                                                                                              Oct 28, 2024 22:12:08.939253092 CET49745443192.168.2.4142.250.185.174
                                                                                                                                                                                                              Oct 28, 2024 22:12:08.939305067 CET44349745142.250.185.174192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.099498987 CET4434974134.117.188.166192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.104116917 CET49741443192.168.2.434.117.188.166
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.135185957 CET4434974234.117.188.166192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.139997959 CET49742443192.168.2.434.117.188.166
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.178855896 CET4434974335.244.181.201192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.180373907 CET49743443192.168.2.435.244.181.201
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.182569981 CET49741443192.168.2.434.117.188.166
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.182610035 CET4434974134.117.188.166192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.182794094 CET4434974134.117.188.166192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.186451912 CET49741443192.168.2.434.117.188.166
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.186472893 CET4434974134.117.188.166192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.200371027 CET49741443192.168.2.434.117.188.166
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.229703903 CET49743443192.168.2.435.244.181.201
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.229784012 CET4434974335.244.181.201192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.230235100 CET4434974335.244.181.201192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.230338097 CET49747443192.168.2.434.117.188.166
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.230456114 CET4434974734.117.188.166192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.232250929 CET49742443192.168.2.434.117.188.166
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.232284069 CET4434974234.117.188.166192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.232355118 CET49742443192.168.2.434.117.188.166
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.232520103 CET4434974234.117.188.166192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.232680082 CET49748443192.168.2.434.117.188.166
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.232737064 CET4434974834.117.188.166192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.234386921 CET49743443192.168.2.435.244.181.201
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.234458923 CET49743443192.168.2.435.244.181.201
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.234618902 CET4434974335.244.181.201192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.235539913 CET49743443192.168.2.435.244.181.201
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.235594034 CET49742443192.168.2.434.117.188.166
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.235594034 CET49743443192.168.2.435.244.181.201
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.235620975 CET49748443192.168.2.434.117.188.166
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.235625982 CET49747443192.168.2.434.117.188.166
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.237065077 CET49747443192.168.2.434.117.188.166
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.237162113 CET4434974734.117.188.166192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.238188028 CET49748443192.168.2.434.117.188.166
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.238219023 CET4434974834.117.188.166192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.329516888 CET804974434.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.381608009 CET4974480192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.393928051 CET4973880192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.393935919 CET4974480192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.399928093 CET804974434.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.400137901 CET4974480192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.400767088 CET804973834.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.401648045 CET4973880192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.409728050 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.414577007 CET49750443192.168.2.434.160.144.191
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.414638042 CET4434975034.160.144.191192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.414910078 CET49750443192.168.2.434.160.144.191
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.415046930 CET49750443192.168.2.434.160.144.191
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.415066957 CET4434975034.160.144.191192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.415184021 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.417917967 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.418167114 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.423566103 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.805320978 CET44349745142.250.185.174192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.805411100 CET44349745142.250.185.174192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.806364059 CET49745443192.168.2.4142.250.185.174
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.807944059 CET44349745142.250.185.174192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.815116882 CET49745443192.168.2.4142.250.185.174
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.819303036 CET49745443192.168.2.4142.250.185.174
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.819317102 CET44349745142.250.185.174192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.819406986 CET49745443192.168.2.4142.250.185.174
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.819506884 CET44349745142.250.185.174192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.819627047 CET49745443192.168.2.4142.250.185.174
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.854149103 CET4434974734.117.188.166192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.854235888 CET49747443192.168.2.434.117.188.166
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.858926058 CET49747443192.168.2.434.117.188.166
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.858958006 CET4434974734.117.188.166192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.859030962 CET49747443192.168.2.434.117.188.166
                                                                                                                                                                                                              Oct 28, 2024 22:12:12.162024975 CET4434976134.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:12.162113905 CET49761443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:12:16.540112972 CET4975580192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:12:16.550101042 CET804975534.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:16.586699963 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:12:16.589365959 CET49763443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:12:16.589432955 CET4434976334.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:16.592248917 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:16.592403889 CET49763443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:12:16.593882084 CET49763443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:12:16.593914986 CET4434976334.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:16.668523073 CET804975534.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:16.712081909 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:16.729945898 CET4975580192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:12:16.761246920 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:12:17.210899115 CET4434976334.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:17.210984945 CET49763443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:12:17.235758066 CET49763443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:12:17.235795021 CET4434976334.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:17.235882998 CET49763443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:12:17.235939980 CET4434976334.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:17.236032963 CET49763443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:12:20.770598888 CET49768443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:12:20.770688057 CET4434976834.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:20.771595001 CET49769443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:12:20.771641016 CET4434976934.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:20.771886110 CET49770443192.168.2.434.149.100.209
                                                                                                                                                                                                              Oct 28, 2024 22:12:20.771941900 CET4434977034.149.100.209192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:20.776885986 CET49768443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:12:20.777036905 CET49769443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:12:20.777041912 CET49770443192.168.2.434.149.100.209
                                                                                                                                                                                                              Oct 28, 2024 22:12:20.777185917 CET49768443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:12:20.777237892 CET4434976834.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:20.777285099 CET49769443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:12:20.777298927 CET4434976934.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:20.778578997 CET49770443192.168.2.434.149.100.209
                                                                                                                                                                                                              Oct 28, 2024 22:12:20.778616905 CET4434977034.149.100.209192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.397731066 CET4434976934.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.397802114 CET49769443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.400477886 CET49769443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.400490046 CET4434976934.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.400726080 CET4434976934.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.402901888 CET49769443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.402990103 CET49769443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.403065920 CET4434976934.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.403121948 CET49769443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.404453039 CET4434977034.149.100.209192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.404532909 CET49770443192.168.2.434.149.100.209
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.407763958 CET4434976834.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.407859087 CET49768443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.410442114 CET49768443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.410473108 CET4434976834.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.410516977 CET49770443192.168.2.434.149.100.209
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.410541058 CET4434977034.149.100.209192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.410693884 CET4434977034.149.100.209192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.410748959 CET49770443192.168.2.434.149.100.209
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.410794020 CET49770443192.168.2.434.149.100.209
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.410820961 CET4434976834.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.410823107 CET4434977034.149.100.209192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.412841082 CET49768443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.412930965 CET49768443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.413036108 CET4434976834.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.413235903 CET49768443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.578002930 CET4975580192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.582340002 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.583444118 CET804975534.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.587753057 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.701495886 CET804975534.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.707376957 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.741903067 CET4975580192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.757546902 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:12:23.911372900 CET49772443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:12:23.911478043 CET4434977234.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:23.915570021 CET49772443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:12:23.915741920 CET49772443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:12:23.915766954 CET4434977234.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:24.047638893 CET4975580192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:12:24.052901983 CET49773443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:12:24.052957058 CET4434977334.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:24.053138018 CET49773443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:12:24.053205013 CET804975534.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:24.055210114 CET49773443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:12:24.055242062 CET4434977334.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:24.059878111 CET49774443192.168.2.434.107.243.93
                                                                                                                                                                                                              Oct 28, 2024 22:12:24.059902906 CET4434977434.107.243.93192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:24.060883045 CET49774443192.168.2.434.107.243.93
                                                                                                                                                                                                              Oct 28, 2024 22:12:24.062225103 CET49774443192.168.2.434.107.243.93
                                                                                                                                                                                                              Oct 28, 2024 22:12:24.062249899 CET4434977434.107.243.93192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:24.086370945 CET49775443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:12:24.086394072 CET4434977534.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:24.087232113 CET49775443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:12:24.087377071 CET49775443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:12:24.087393999 CET4434977534.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:24.171658039 CET804975534.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:24.218008041 CET4975580192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:12:24.533468008 CET4434977234.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:24.533624887 CET49772443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:12:24.536815882 CET49772443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:12:24.536840916 CET4434977234.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:24.537662029 CET4434977234.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:24.539305925 CET49772443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.221496105 CET49781443192.168.2.4151.101.193.91
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.221599102 CET49781443192.168.2.4151.101.193.91
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.221908092 CET44349781151.101.193.91192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.222944975 CET4434978035.190.72.216192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.223443985 CET49781443192.168.2.4151.101.193.91
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.223459005 CET49780443192.168.2.435.190.72.216
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.229209900 CET49780443192.168.2.435.190.72.216
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.229218960 CET4434978035.190.72.216192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.229285955 CET49780443192.168.2.435.190.72.216
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.229646921 CET4434978035.190.72.216192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.229726076 CET49780443192.168.2.435.190.72.216
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.231731892 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.234687090 CET49784443192.168.2.435.244.181.201
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.234723091 CET4434978435.244.181.201192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.235146046 CET49784443192.168.2.435.244.181.201
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.235327005 CET49784443192.168.2.435.244.181.201
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.235342979 CET4434978435.244.181.201192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.236857891 CET49785443192.168.2.435.244.181.201
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.236938953 CET4434978535.244.181.201192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.237091064 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.237476110 CET49785443192.168.2.435.244.181.201
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.237654924 CET49785443192.168.2.435.244.181.201
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.237693071 CET4434978535.244.181.201192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.240379095 CET49786443192.168.2.435.244.181.201
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.240397930 CET4434978635.244.181.201192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.240559101 CET49786443192.168.2.435.244.181.201
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.240685940 CET49786443192.168.2.435.244.181.201
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.240700006 CET4434978635.244.181.201192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.264533043 CET4434978235.201.103.21192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.264714956 CET49782443192.168.2.435.201.103.21
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.270792961 CET49782443192.168.2.435.201.103.21
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.270800114 CET4434978235.201.103.21192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.270886898 CET49782443192.168.2.435.201.103.21
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.271074057 CET4434978235.201.103.21192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.271522999 CET49782443192.168.2.435.201.103.21
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.286108971 CET49787443192.168.2.434.149.100.209
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.286171913 CET4434978734.149.100.209192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.286590099 CET49787443192.168.2.434.149.100.209
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.286721945 CET49787443192.168.2.434.149.100.209
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.286739111 CET4434978734.149.100.209192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.356556892 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.359675884 CET4975580192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.365117073 CET804975534.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.399620056 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.423366070 CET4434977835.244.181.201192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.423439026 CET49778443192.168.2.435.244.181.201
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.483083963 CET804975534.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.537300110 CET4975580192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.693656921 CET4434978334.107.243.93192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.693855047 CET49783443192.168.2.434.107.243.93
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.699630022 CET49783443192.168.2.434.107.243.93
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.699661016 CET4434978334.107.243.93192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.699736118 CET49783443192.168.2.434.107.243.93
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.700151920 CET4434978334.107.243.93192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.700711012 CET49783443192.168.2.434.107.243.93
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.703144073 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.708511114 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.833291054 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.836543083 CET4975580192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.842149973 CET804975534.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.850832939 CET4434978435.244.181.201192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.850951910 CET49784443192.168.2.435.244.181.201
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.853117943 CET4434978535.244.181.201192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.853637934 CET49784443192.168.2.435.244.181.201
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.853661060 CET4434978435.244.181.201192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.853838921 CET49785443192.168.2.435.244.181.201
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.854441881 CET4434978435.244.181.201192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.856897116 CET49785443192.168.2.435.244.181.201
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.856920958 CET4434978535.244.181.201192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.857187986 CET4434978535.244.181.201192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.864813089 CET49784443192.168.2.435.244.181.201
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.865016937 CET49784443192.168.2.435.244.181.201
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.865233898 CET4434978435.244.181.201192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.865381956 CET49785443192.168.2.435.244.181.201
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.865422964 CET49785443192.168.2.435.244.181.201
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.865545034 CET4434978535.244.181.201192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.868051052 CET4434978635.244.181.201192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.868268013 CET49784443192.168.2.435.244.181.201
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.868280888 CET49785443192.168.2.435.244.181.201
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.868310928 CET49786443192.168.2.435.244.181.201
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.871054888 CET49786443192.168.2.435.244.181.201
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.871069908 CET4434978635.244.181.201192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.871424913 CET4434978635.244.181.201192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.871640921 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.873709917 CET49786443192.168.2.435.244.181.201
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.873788118 CET49786443192.168.2.435.244.181.201
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.873874903 CET4434978635.244.181.201192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.874361038 CET49786443192.168.2.435.244.181.201
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.874361038 CET49786443192.168.2.435.244.181.201
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.877126932 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.894634008 CET4434978734.149.100.209192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.897252083 CET49787443192.168.2.434.149.100.209
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.900233030 CET49787443192.168.2.434.149.100.209
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.900244951 CET4434978734.149.100.209192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.900592089 CET4434978734.149.100.209192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.903232098 CET49787443192.168.2.434.149.100.209
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.903321028 CET49787443192.168.2.434.149.100.209
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.903433084 CET4434978734.149.100.209192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.904004097 CET49787443192.168.2.434.149.100.209
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.960674047 CET804975534.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.996567011 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:05.868088007 CET4436095234.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:05.868896961 CET4436095234.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:05.869250059 CET4436095534.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:05.869374990 CET60955443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:13:05.871491909 CET60955443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:13:05.871500969 CET4436095534.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:05.871710062 CET4436095534.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:05.871784925 CET4436095434.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:05.871848106 CET60954443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:13:05.873888016 CET60954443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:13:05.873892069 CET4436095434.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:05.874206066 CET4436095434.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:05.875786066 CET60952443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:13:05.875971079 CET4436095234.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:05.876070023 CET60952443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:13:05.876142979 CET60952443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:13:05.876156092 CET4436095234.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:05.879163980 CET60955443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:13:05.879236937 CET60955443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:13:05.879322052 CET4436095534.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:05.880577087 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:13:05.880916119 CET60954443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:13:05.880995989 CET60954443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:13:05.881086111 CET4436095434.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:05.881733894 CET60954443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:13:05.881733894 CET60955443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:13:05.886025906 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:05.900397062 CET4436095334.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:05.900487900 CET60953443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:13:05.902913094 CET60953443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:13:05.902925968 CET4436095334.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:05.903253078 CET4436095334.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:05.904767036 CET60953443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:13:05.904836893 CET60953443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:13:05.905021906 CET4436095334.120.208.123192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:05.910160065 CET60953443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:13:05.914025068 CET60953443192.168.2.434.120.208.123
                                                                                                                                                                                                              Oct 28, 2024 22:13:06.005645990 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:06.008373022 CET4975580192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:13:06.013811111 CET804975534.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:06.060193062 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:13:06.151658058 CET804975534.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:06.198240995 CET4975580192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:13:16.014038086 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:13:16.025537968 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:16.161173105 CET4975580192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:13:16.166837931 CET804975534.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:26.042817116 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:13:26.048777103 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:26.174277067 CET4975580192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:13:26.180365086 CET804975534.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:36.049894094 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:13:36.055417061 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:36.187973022 CET4975580192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:13:36.193469048 CET804975534.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:37.398114920 CET61110443192.168.2.434.107.243.93
                                                                                                                                                                                                              Oct 28, 2024 22:13:37.398179054 CET4436111034.107.243.93192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:37.398274899 CET61110443192.168.2.434.107.243.93
                                                                                                                                                                                                              Oct 28, 2024 22:13:37.399519920 CET61110443192.168.2.434.107.243.93
                                                                                                                                                                                                              Oct 28, 2024 22:13:37.399544954 CET4436111034.107.243.93192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:38.015904903 CET4436111034.107.243.93192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:38.016010046 CET61110443192.168.2.434.107.243.93
                                                                                                                                                                                                              Oct 28, 2024 22:13:38.022880077 CET61110443192.168.2.434.107.243.93
                                                                                                                                                                                                              Oct 28, 2024 22:13:38.022906065 CET4436111034.107.243.93192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:38.023014069 CET61110443192.168.2.434.107.243.93
                                                                                                                                                                                                              Oct 28, 2024 22:13:38.023180008 CET4436111034.107.243.93192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:38.023792028 CET61110443192.168.2.434.107.243.93
                                                                                                                                                                                                              Oct 28, 2024 22:13:38.025665045 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:13:38.031503916 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:38.162653923 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:38.178352118 CET4975580192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:13:38.183844090 CET804975534.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:38.224514961 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:13:38.301934958 CET804975534.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:38.356034994 CET4975580192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:13:48.184026003 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:13:48.189567089 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:48.306495905 CET4975580192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:13:48.311958075 CET804975534.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:58.201337099 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:13:58.317243099 CET4975580192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:13:58.400641918 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:58.400681973 CET804975534.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:14:08.410389900 CET4974980192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:14:08.410455942 CET4975580192.168.2.434.107.221.82
                                                                                                                                                                                                              Oct 28, 2024 22:14:08.415899992 CET804974934.107.221.82192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:14:08.415919065 CET804975534.107.221.82192.168.2.4
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                              Oct 28, 2024 22:12:08.557046890 CET53652391.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:08.560766935 CET5961353192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:08.570425987 CET53596131.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:08.590014935 CET5507153192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:08.597910881 CET53550711.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:08.652327061 CET5287653192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.393920898 CET5166953192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.402527094 CET53516691.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.408216000 CET6548653192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.415899992 CET6118353192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.424355030 CET53611831.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.424945116 CET6269853192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.432387114 CET53626981.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:09.438663960 CET53597391.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:10.811707973 CET6408153192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:10.819025040 CET53640811.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:10.847594023 CET5628253192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:10.847910881 CET6206753192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:10.855431080 CET53620671.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:10.855731010 CET53562821.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:10.861860991 CET5502153192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:10.864254951 CET6104253192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:10.869071007 CET53550211.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:10.871674061 CET53610421.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:11.029309034 CET5207353192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:11.036772013 CET53520731.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:11.040761948 CET5835153192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:11.048717976 CET53583511.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:11.067950010 CET6250853192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:11.075345039 CET53625081.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:16.357053041 CET6285453192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:16.366038084 CET53628541.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:16.376534939 CET5353553192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:16.385083914 CET53535351.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:16.395204067 CET5433953192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:16.403232098 CET53543391.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:16.604361057 CET5658853192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:16.611731052 CET53565881.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.577692032 CET5515353192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.578182936 CET5756353192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.578658104 CET5052453192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.584873915 CET53551531.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.585808039 CET53575631.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.586393118 CET53505241.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.595475912 CET6197353192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.595696926 CET6506053192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.595882893 CET5905253192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.603962898 CET53650601.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.604151964 CET53590521.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.604485989 CET5239653192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.604720116 CET53619731.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.604747057 CET5775953192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.605187893 CET5613753192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.612335920 CET53561371.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.612601042 CET53577591.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.612632990 CET53523961.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.941055059 CET5928853192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.941442013 CET5218253192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.948766947 CET53521821.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.948801041 CET53592881.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.950109005 CET5843253192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.950810909 CET5706353192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.957611084 CET53584321.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.957972050 CET53570631.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.958344936 CET6523553192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.958671093 CET5249853192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.966046095 CET53524981.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.966296911 CET53652351.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:23.913367987 CET6171553192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:23.920721054 CET53617151.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:24.060435057 CET5851953192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:24.067552090 CET53585191.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:34.567378998 CET5167253192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:34.576793909 CET53516721.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:34.577373981 CET6028653192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:34.585093975 CET53602861.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:34.591943026 CET6007953192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:34.600089073 CET53600791.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:34.603430033 CET5906153192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:34.605300903 CET5590953192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:34.612689972 CET53590611.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:34.616190910 CET6173053192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:34.623893023 CET53559091.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:34.625165939 CET5313853192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:34.627841949 CET53617301.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:34.633265018 CET53531381.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:34.633769035 CET5145153192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:34.642189026 CET53514511.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.074099064 CET5145653192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.082242966 CET53514561.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:39.889225006 CET53595571.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:50.494357109 CET5334153192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:55.947690010 CET5507053192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:56.130239964 CET53550701.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:12:56.134646893 CET5067853192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:12:56.142699003 CET53506781.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:04.107012987 CET5989653192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:13:04.114451885 CET53598961.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:37.383512020 CET6220953192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:13:37.391505957 CET53622091.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:37.392621994 CET5784853192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:13:37.400032997 CET53578481.1.1.1192.168.2.4
                                                                                                                                                                                                              Oct 28, 2024 22:13:38.025921106 CET6063553192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:13:38.175443888 CET6089453192.168.2.41.1.1.1
                                                                                                                                                                                                              Oct 28, 2024 22:13:38.184370995 CET53608941.1.1.1192.168.2.4
                                                                                                                                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                              Oct 28, 2024 22:12:11.036772013 CET1.1.1.1192.168.2.40x64aeNo error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:11.048717976 CET1.1.1.1192.168.2.40xf889No error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:11.529167891 CET1.1.1.1192.168.2.40xa7a3No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:16.366038084 CET1.1.1.1192.168.2.40xea60No error (0)support.mozilla.orgprod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:16.366038084 CET1.1.1.1192.168.2.40xea60No error (0)prod.sumo.prod.webservices.mozgcp.netus-west1.prod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:16.366038084 CET1.1.1.1192.168.2.40xea60No error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:16.385083914 CET1.1.1.1192.168.2.40x4fa0No error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.584873915 CET1.1.1.1192.168.2.40xf5ceNo error (0)www.youtube.comyoutube-ui.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.584873915 CET1.1.1.1192.168.2.40xf5ceNo error (0)youtube-ui.l.google.com142.250.186.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.584873915 CET1.1.1.1192.168.2.40xf5ceNo error (0)youtube-ui.l.google.com172.217.16.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.584873915 CET1.1.1.1192.168.2.40xf5ceNo error (0)youtube-ui.l.google.com142.250.186.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.584873915 CET1.1.1.1192.168.2.40xf5ceNo error (0)youtube-ui.l.google.com142.250.186.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.584873915 CET1.1.1.1192.168.2.40xf5ceNo error (0)youtube-ui.l.google.com142.250.181.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.584873915 CET1.1.1.1192.168.2.40xf5ceNo error (0)youtube-ui.l.google.com216.58.206.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.584873915 CET1.1.1.1192.168.2.40xf5ceNo error (0)youtube-ui.l.google.com172.217.18.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.584873915 CET1.1.1.1192.168.2.40xf5ceNo error (0)youtube-ui.l.google.com142.250.184.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.584873915 CET1.1.1.1192.168.2.40xf5ceNo error (0)youtube-ui.l.google.com216.58.212.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.584873915 CET1.1.1.1192.168.2.40xf5ceNo error (0)youtube-ui.l.google.com142.250.186.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.584873915 CET1.1.1.1192.168.2.40xf5ceNo error (0)youtube-ui.l.google.com142.250.185.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.584873915 CET1.1.1.1192.168.2.40xf5ceNo error (0)youtube-ui.l.google.com142.250.186.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.584873915 CET1.1.1.1192.168.2.40xf5ceNo error (0)youtube-ui.l.google.com142.250.74.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.584873915 CET1.1.1.1192.168.2.40xf5ceNo error (0)youtube-ui.l.google.com216.58.206.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.584873915 CET1.1.1.1192.168.2.40xf5ceNo error (0)youtube-ui.l.google.com142.250.184.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.584873915 CET1.1.1.1192.168.2.40xf5ceNo error (0)youtube-ui.l.google.com142.250.185.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.585808039 CET1.1.1.1192.168.2.40xece0No error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.585808039 CET1.1.1.1192.168.2.40xece0No error (0)star-mini.c10r.facebook.com157.240.253.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.586393118 CET1.1.1.1192.168.2.40xf5d6No error (0)www.wikipedia.orgdyna.wikimedia.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.586393118 CET1.1.1.1192.168.2.40xf5d6No error (0)dyna.wikimedia.org185.15.59.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.603962898 CET1.1.1.1192.168.2.40x56cbNo error (0)star-mini.c10r.facebook.com157.240.253.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.604151964 CET1.1.1.1192.168.2.40xc7f9No error (0)dyna.wikimedia.org185.15.59.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.604720116 CET1.1.1.1192.168.2.40x6e8eNo error (0)youtube-ui.l.google.com142.250.185.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.604720116 CET1.1.1.1192.168.2.40x6e8eNo error (0)youtube-ui.l.google.com216.58.206.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.604720116 CET1.1.1.1192.168.2.40x6e8eNo error (0)youtube-ui.l.google.com142.250.184.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.604720116 CET1.1.1.1192.168.2.40x6e8eNo error (0)youtube-ui.l.google.com142.250.185.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.604720116 CET1.1.1.1192.168.2.40x6e8eNo error (0)youtube-ui.l.google.com216.58.212.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.604720116 CET1.1.1.1192.168.2.40x6e8eNo error (0)youtube-ui.l.google.com142.250.185.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.604720116 CET1.1.1.1192.168.2.40x6e8eNo error (0)youtube-ui.l.google.com142.250.185.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.604720116 CET1.1.1.1192.168.2.40x6e8eNo error (0)youtube-ui.l.google.com216.58.212.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.604720116 CET1.1.1.1192.168.2.40x6e8eNo error (0)youtube-ui.l.google.com142.250.181.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.604720116 CET1.1.1.1192.168.2.40x6e8eNo error (0)youtube-ui.l.google.com172.217.18.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.604720116 CET1.1.1.1192.168.2.40x6e8eNo error (0)youtube-ui.l.google.com172.217.23.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.604720116 CET1.1.1.1192.168.2.40x6e8eNo error (0)youtube-ui.l.google.com142.250.185.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.604720116 CET1.1.1.1192.168.2.40x6e8eNo error (0)youtube-ui.l.google.com142.250.186.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.604720116 CET1.1.1.1192.168.2.40x6e8eNo error (0)youtube-ui.l.google.com142.250.186.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.604720116 CET1.1.1.1192.168.2.40x6e8eNo error (0)youtube-ui.l.google.com142.250.185.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.604720116 CET1.1.1.1192.168.2.40x6e8eNo error (0)youtube-ui.l.google.com142.250.186.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.612335920 CET1.1.1.1192.168.2.40x91d3No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.612335920 CET1.1.1.1192.168.2.40x91d3No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.612335920 CET1.1.1.1192.168.2.40x91d3No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.612335920 CET1.1.1.1192.168.2.40x91d3No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.612601042 CET1.1.1.1192.168.2.40x4dc7No error (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.612632990 CET1.1.1.1192.168.2.40x3f10No error (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.948766947 CET1.1.1.1192.168.2.40x4472No error (0)twitter.com104.244.42.65A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.948801041 CET1.1.1.1192.168.2.40x90bcNo error (0)www.reddit.comreddit.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.948801041 CET1.1.1.1192.168.2.40x90bcNo error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.948801041 CET1.1.1.1192.168.2.40x90bcNo error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.948801041 CET1.1.1.1192.168.2.40x90bcNo error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.948801041 CET1.1.1.1192.168.2.40x90bcNo error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.957611084 CET1.1.1.1192.168.2.40xf96No error (0)twitter.com104.244.42.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.957972050 CET1.1.1.1192.168.2.40xba33No error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.957972050 CET1.1.1.1192.168.2.40xba33No error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.957972050 CET1.1.1.1192.168.2.40xba33No error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:21.957972050 CET1.1.1.1192.168.2.40xba33No error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:34.576793909 CET1.1.1.1192.168.2.40x7b25No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:34.600089073 CET1.1.1.1192.168.2.40x8c95No error (0)services.addons.mozilla.org151.101.193.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:34.600089073 CET1.1.1.1192.168.2.40x8c95No error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:34.600089073 CET1.1.1.1192.168.2.40x8c95No error (0)services.addons.mozilla.org151.101.65.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:34.600089073 CET1.1.1.1192.168.2.40x8c95No error (0)services.addons.mozilla.org151.101.129.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:34.612689972 CET1.1.1.1192.168.2.40xdc55No error (0)services.addons.mozilla.org151.101.193.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:34.612689972 CET1.1.1.1192.168.2.40xdc55No error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:34.612689972 CET1.1.1.1192.168.2.40xdc55No error (0)services.addons.mozilla.org151.101.65.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:34.612689972 CET1.1.1.1192.168.2.40xdc55No error (0)services.addons.mozilla.org151.101.129.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:34.623893023 CET1.1.1.1192.168.2.40x7041No error (0)normandy.cdn.mozilla.netnormandy-cdn.services.mozilla.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:34.623893023 CET1.1.1.1192.168.2.40x7041No error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:34.633265018 CET1.1.1.1192.168.2.40xa6f5No error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.885435104 CET1.1.1.1192.168.2.40xfc48No error (0)a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.coma17.rackcdn.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:35.885435104 CET1.1.1.1192.168.2.40xfc48No error (0)a17.rackcdn.coma17.rackcdn.com.mdc.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:50.501696110 CET1.1.1.1192.168.2.40xc64bNo error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:50.501696110 CET1.1.1.1192.168.2.40xc64bNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:12:56.130239964 CET1.1.1.1192.168.2.40x2e3No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:13:04.100047112 CET1.1.1.1192.168.2.40x946fNo error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:13:37.391505957 CET1.1.1.1192.168.2.40xe1b7No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:13:38.034467936 CET1.1.1.1192.168.2.40x2b4bNo error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:13:38.034467936 CET1.1.1.1192.168.2.40x2b4bNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 28, 2024 22:13:38.184370995 CET1.1.1.1192.168.2.40xe101No error (0)example.org93.184.215.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                              • detectportal.firefox.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49738 | 34.107.221.82 | 80 | 2756 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 22:12:07.924242020 CET | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Connection: keep-alive
Oct 28, 2024 22:12:08.510976076 CET | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                              Date: Mon, 28 Oct 2024 14:39:46 GMT
                                                                                                                                                                                                              Age: 23542
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49744 | 34.107.221.82 | 80 | 2756 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 22:12:08.731087923 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Cache-Control: no-cache
Oct 28, 2024 22:12:09.329516888 CET | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                              Date: Mon, 28 Oct 2024 12:53:45 GMT
                                                                                                                                                                                                              Age: 29904
                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                              Data Ascii: success


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49749 | 34.107.221.82 | 80 | 2756 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 22:12:09.418167114 CET | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Connection: keep-alive
Oct 28, 2024 22:12:10.013693094 CET | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                              Date: Mon, 28 Oct 2024 14:39:46 GMT
                                                                                                                                                                                                              Age: 23543
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 28, 2024 22:12:10.428688049 CET | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Connection: keep-alive
Oct 28, 2024 22:12:10.740554094 CET | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                              Date: Mon, 28 Oct 2024 14:39:46 GMT
                                                                                                                                                                                                              Age: 23544
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 28, 2024 22:12:10.771225929 CET | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                              Date: Mon, 28 Oct 2024 14:39:46 GMT
                                                                                                                                                                                                              Age: 23544
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 28, 2024 22:12:11.504069090 CET | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Connection: keep-alive
Oct 28, 2024 22:12:11.630440950 CET | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                              Date: Mon, 28 Oct 2024 14:39:46 GMT
                                                                                                                                                                                                              Age: 23545
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 28, 2024 22:12:16.586699963 CET | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Connection: keep-alive
Oct 28, 2024 22:12:16.712081909 CET | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                              Date: Mon, 28 Oct 2024 14:39:46 GMT
                                                                                                                                                                                                              Age: 23550
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 28, 2024 22:12:21.582340002 CET | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Connection: keep-alive
Oct 28, 2024 22:12:21.707376957 CET | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                              Date: Mon, 28 Oct 2024 14:39:46 GMT
                                                                                                                                                                                                              Age: 23555
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 28, 2024 22:12:24.542409897 CET | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Connection: keep-alive
Oct 28, 2024 22:12:24.841207027 CET | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                              Date: Mon, 28 Oct 2024 14:39:46 GMT
                                                                                                                                                                                                              Age: 23558
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 28, 2024 22:12:24.857055902 CET | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Connection: keep-alive
Oct 28, 2024 22:12:24.982328892 CET | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                              Date: Mon, 28 Oct 2024 14:39:46 GMT
                                                                                                                                                                                                              Age: 23558
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 28, 2024 22:12:25.507055998 CET | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Connection: keep-alive
Oct 28, 2024 22:12:25.633009911 CET | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                              Date: Mon, 28 Oct 2024 14:39:46 GMT
                                                                                                                                                                                                              Age: 23559
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 28, 2024 22:12:26.146924973 CET | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Connection: keep-alive
Oct 28, 2024 22:12:26.272423029 CET | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                              Date: Mon, 28 Oct 2024 14:39:46 GMT
                                                                                                                                                                                                              Age: 23560
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 28, 2024 22:12:35.231731892 CET | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Connection: keep-alive
Oct 28, 2024 22:12:35.356556892 CET | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                              Date: Mon, 28 Oct 2024 14:39:46 GMT
                                                                                                                                                                                                              Age: 23569
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 28, 2024 22:12:35.703144073 CET | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Connection: keep-alive
Oct 28, 2024 22:12:35.833291054 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                              Date: Mon, 28 Oct 2024 14:39:46 GMT
                                                                                                                                                                                                              Age: 23569
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 28, 2024 22:12:35.871640921 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Connection: keep-alive
Oct 28, 2024 22:12:35.996567011 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                              Date: Mon, 28 Oct 2024 14:39:46 GMT
                                                                                                                                                                                                              Age: 23569
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 28, 2024 22:12:41.149224043 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Connection: keep-alive
Oct 28, 2024 22:12:41.284791946 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                              Date: Mon, 28 Oct 2024 14:39:46 GMT
                                                                                                                                                                                                              Age: 23575
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 28, 2024 22:12:50.494007111 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Connection: keep-alive
Oct 28, 2024 22:12:50.619771957 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                              Date: Mon, 28 Oct 2024 14:39:46 GMT
                                                                                                                                                                                                              Age: 23584
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 28, 2024 22:12:56.777528048 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Connection: keep-alive
Oct 28, 2024 22:12:56.903501987 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                              Date: Mon, 28 Oct 2024 14:39:46 GMT
                                                                                                                                                                                                              Age: 23590
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 28, 2024 22:13:04.781788111 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Connection: keep-alive
Oct 28, 2024 22:13:05.082778931 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Connection: keep-alive
Oct 28, 2024 22:13:05.268841028 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                              Date: Mon, 28 Oct 2024 14:39:46 GMT
                                                                                                                                                                                                              Age: 23599
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 28, 2024 22:13:05.880577087 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Connection: keep-alive
Oct 28, 2024 22:13:06.005645990 CET | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                              Date: Mon, 28 Oct 2024 14:39:46 GMT
                                                                                                                                                                                                              Age: 23599
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 28, 2024 22:13:16.014038086 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Oct 28, 2024 22:13:26.042817116 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Oct 28, 2024 22:13:36.049894094 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Oct 28, 2024 22:13:38.025665045 CET | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Connection: keep-alive
Oct 28, 2024 22:13:38.162653923 CET | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                              Date: Mon, 28 Oct 2024 14:39:46 GMT
                                                                                                                                                                                                              Age: 23632
                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 28, 2024 22:13:48.184026003 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Oct 28, 2024 22:13:58.201337099 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Oct 28, 2024 22:14:08.410389900 CET | 6 | OUT | Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49754 | 34.107.221.82 | 80 | 2756 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 22:12:10.373434067 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49755 | 34.107.221.82 | 80 | 2756 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 22:12:10.834510088 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Cache-Control: no-cache
Oct 28, 2024 22:12:11.425004959 CET | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                              Date: Mon, 28 Oct 2024 12:53:45 GMT
                                                                                                                                                                                                              Age: 29906
                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                              Data Ascii: success
Oct 28, 2024 22:12:16.540112972 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Cache-Control: no-cache
Oct 28, 2024 22:12:16.668523073 CET | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                              Date: Mon, 28 Oct 2024 12:53:45 GMT
                                                                                                                                                                                                              Age: 29911
                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                              Data Ascii: success
Oct 28, 2024 22:12:21.578002930 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Cache-Control: no-cache
Oct 28, 2024 22:12:21.701495886 CET | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                              Date: Mon, 28 Oct 2024 12:53:45 GMT
                                                                                                                                                                                                              Age: 29916
                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                              Data Ascii: success
Oct 28, 2024 22:12:24.047638893 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Cache-Control: no-cache
Oct 28, 2024 22:12:24.171658039 CET | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                              Date: Mon, 28 Oct 2024 12:53:45 GMT
                                                                                                                                                                                                              Age: 29919
                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                              Data Ascii: success
Oct 28, 2024 22:12:24.845487118 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Cache-Control: no-cache
Oct 28, 2024 22:12:24.970801115 CET 216 IN HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                              Date: Mon, 28 Oct 2024 12:53:45 GMT
                                                                                                                                                                                                              Age: 29919
                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                              Data Ascii: success
Oct 28, 2024 22:12:24.984379053 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Cache-Control: no-cache
Oct 28, 2024 22:12:25.108951092 CET 216 IN HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                              Date: Mon, 28 Oct 2024 12:53:45 GMT
                                                                                                                                                                                                              Age: 29920
                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                              Data Ascii: success
Oct 28, 2024 22:12:25.635648012 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Cache-Control: no-cache
Oct 28, 2024 22:12:25.759141922 CET 216 IN HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                              Date: Mon, 28 Oct 2024 12:53:45 GMT
                                                                                                                                                                                                              Age: 29920
                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                              Data Ascii: success
Oct 28, 2024 22:12:26.275237083 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Cache-Control: no-cache
Oct 28, 2024 22:12:26.398716927 CET 216 IN HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                              Date: Mon, 28 Oct 2024 12:53:45 GMT
                                                                                                                                                                                                              Age: 29921
                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                              Data Ascii: success
Oct 28, 2024 22:12:35.359675884 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Cache-Control: no-cache
Oct 28, 2024 22:12:35.483083963 CET 216 IN HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                              Date: Mon, 28 Oct 2024 12:53:45 GMT
                                                                                                                                                                                                              Age: 29930
                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                              Data Ascii: success
Oct 28, 2024 22:12:35.836543083 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Cache-Control: no-cache
Oct 28, 2024 22:12:35.960674047 CET 216 IN HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                              Date: Mon, 28 Oct 2024 12:53:45 GMT
                                                                                                                                                                                                              Age: 29930
                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                              Data Ascii: success
Oct 28, 2024 22:12:35.998893976 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Cache-Control: no-cache
Oct 28, 2024 22:12:36.122503996 CET 216 IN HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                              Date: Mon, 28 Oct 2024 12:53:45 GMT
                                                                                                                                                                                                              Age: 29931
                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                              Oct 28, 2024 22:12:41.287045956 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                              Oct 28, 2024 22:12:41.410494089 CET 216 IN HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                              Date: Mon, 28 Oct 2024 12:53:45 GMT
                                                                                                                                                                                                              Age: 29936
                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                              Oct 28, 2024 22:12:50.623019934 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                              Oct 28, 2024 22:12:50.746463060 CET 216 IN HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                              Date: Mon, 28 Oct 2024 12:53:45 GMT
                                                                                                                                                                                                              Age: 29945
                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                              Oct 28, 2024 22:12:56.906282902 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                              Oct 28, 2024 22:12:57.033418894 CET 216 IN HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                              Date: Mon, 28 Oct 2024 12:53:45 GMT
                                                                                                                                                                                                              Age: 29951
                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                              Oct 28, 2024 22:13:05.272422075 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                              Oct 28, 2024 22:13:05.395669937 CET 216 IN HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                              Date: Mon, 28 Oct 2024 12:53:45 GMT
                                                                                                                                                                                                              Age: 29960
                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                              Oct 28, 2024 22:13:06.008373022 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                              Oct 28, 2024 22:13:06.151658058 CET 216 IN HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                              Date: Mon, 28 Oct 2024 12:53:45 GMT
                                                                                                                                                                                                              Age: 29961
                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                              Oct 28, 2024 22:13:16.161173105 CET 6 OUT Data Raw: 00
                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                              Oct 28, 2024 22:13:26.174277067 CET 6 OUT Data Raw: 00
                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                              Oct 28, 2024 22:13:36.187973022 CET 6 OUT Data Raw: 00
                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                              Oct 28, 2024 22:13:38.178352118 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                              Oct 28, 2024 22:13:38.301934958 CET 216 IN HTTP/1.1 200 OK
                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                              Date: Mon, 28 Oct 2024 12:53:45 GMT
                                                                                                                                                                                                              Age: 29993
                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                              Oct 28, 2024 22:13:48.306495905 CET 6 OUT Data Raw: 00
                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                              Oct 28, 2024 22:13:58.317243099 CET 6 OUT Data Raw: 00
                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                              Oct 28, 2024 22:14:08.410455942 CET 6 OUT Data Raw: 00
                                                                                                                                                                                                              Data Ascii:



                                                                                                                                                                                                              Target ID: 0
                                                                                                                                                                                                              Start time: 17:11:57
                                                                                                                                                                                                              Start date: 28/10/2024
                                                                                                                                                                                                              Path: C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                              Wow64 process (32bit): true
                                                                                                                                                                                                              Commandline: "C:\Users\user\Desktop\file.exe"
                                                                                                                                                                                                              Imagebase: 0x270000
                                                                                                                                                                                                              File size: 919'552 bytes
                                                                                                                                                                                                              MD5 hash: 9516A10A1F5AB3F62D09659AC994246B
                                                                                                                                                                                                              Has elevated privileges: true
                                                                                                                                                                                                              Has administrator privileges: true
                                                                                                                                                                                                              Programmed in: C, C++ or other language
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:1
                                                                                                                                                                                                              Start time:17:11:58
                                                                                                                                                                                                              Start date:28/10/2024
                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:taskkill /F /IM firefox.exe /T
                                                                                                                                                                                                              Imagebase:0xbf0000
                                                                                                                                                                                                              File size:74'240 bytes
                                                                                                                                                                                                              MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:2
                                                                                                                                                                                                              Start time:17:11:58
                                                                                                                                                                                                              Start date:28/10/2024
                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                              Imagebase:0x7ff7699e0000
                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:3
                                                                                                                                                                                                              Start time:17:12:00
                                                                                                                                                                                                              Start date:28/10/2024
                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:taskkill /F /IM chrome.exe /T
                                                                                                                                                                                                              Imagebase:0xbf0000
                                                                                                                                                                                                              File size:74'240 bytes
                                                                                                                                                                                                              MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:4
                                                                                                                                                                                                              Start time:17:12:00
                                                                                                                                                                                                              Start date:28/10/2024
                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                              Imagebase:0x7ff7699e0000
                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:5
                                                                                                                                                                                                              Start time:17:12:00
                                                                                                                                                                                                              Start date:28/10/2024
                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:taskkill /F /IM msedge.exe /T
                                                                                                                                                                                                              Imagebase:0xbf0000
                                                                                                                                                                                                              File size:74'240 bytes
                                                                                                                                                                                                              MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:6
                                                                                                                                                                                                              Start time:17:12:00
                                                                                                                                                                                                              Start date:28/10/2024
                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                              Imagebase:0x7ff7699e0000
                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:7
                                                                                                                                                                                                              Start time:17:12:00
                                                                                                                                                                                                              Start date:28/10/2024
                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:taskkill /F /IM opera.exe /T
                                                                                                                                                                                                              Imagebase:0xbf0000
                                                                                                                                                                                                              File size:74'240 bytes
                                                                                                                                                                                                              MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:8
                                                                                                                                                                                                              Start time:17:12:00
                                                                                                                                                                                                              Start date:28/10/2024
                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                              Imagebase:0x7ff7699e0000
                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:9
                                                                                                                                                                                                              Start time:17:12:01
                                                                                                                                                                                                              Start date:28/10/2024
                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:taskkill /F /IM brave.exe /T
                                                                                                                                                                                                              Imagebase:0xbf0000
                                                                                                                                                                                                              File size:74'240 bytes
                                                                                                                                                                                                              MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:10
                                                                                                                                                                                                              Start time:17:12:01
                                                                                                                                                                                                              Start date:28/10/2024
                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                              Imagebase:0x7ff7699e0000
                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:11
                                                                                                                                                                                                              Start time:17:12:01
                                                                                                                                                                                                              Start date:28/10/2024
                                                                                                                                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
                                                                                                                                                                                                              Imagebase:0x7ff6bf500000
                                                                                                                                                                                                              File size:676'768 bytes
                                                                                                                                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:12
                                                                                                                                                                                                              Start time:17:12:01
                                                                                                                                                                                                              Start date:28/10/2024
                                                                                                                                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
                                                                                                                                                                                                              Imagebase:0x7ff6bf500000
                                                                                                                                                                                                              File size:676'768 bytes
                                                                                                                                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:13
                                                                                                                                                                                                              Start time:17:12:01
                                                                                                                                                                                                              Start date:28/10/2024
                                                                                                                                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
                                                                                                                                                                                                              Imagebase:0x7ff6bf500000
                                                                                                                                                                                                              File size:676'768 bytes
                                                                                                                                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                              Target ID:15
                                                                                                                                                                                                              Start time:17:12:03
                                                                                                                                                                                                              Start date:28/10/2024
                                                                                                                                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2300 -parentBuildID 20230927232528 -prefsHandle 2244 -prefMapHandle 2236 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {96ad0d25-fff4-4df5-b334-a88dfabb4a43} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 1e95da6f910 socket
                                                                                                                                                                                                              Imagebase:0x7ff6bf500000
                                                                                                                                                                                                              File size:676'768 bytes
                                                                                                                                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                              Target ID:16
                                                                                                                                                                                                              Start time:17:12:04
                                                                                                                                                                                                              Start date:28/10/2024
                                                                                                                                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3968 -parentBuildID 20230927232528 -prefsHandle 3752 -prefMapHandle 4000 -prefsLen 26208 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {645c5d58-8114-49d1-b3ad-07482cd82946} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 1e95da7ce10 rdd
                                                                                                                                                                                                              Imagebase:0x7ff6bf500000
                                                                                                                                                                                                              File size:676'768 bytes
                                                                                                                                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                              Target ID:17
                                                                                                                                                                                                              Start time:17:12:10
                                                                                                                                                                                                              Start date:28/10/2024
                                                                                                                                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3244 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 1544 -prefMapHandle 1540 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8dfb5d83-e596-439a-8166-f719251ef78f} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 1e97c2dd510 utility
                                                                                                                                                                                                              Imagebase:0x7ff6bf500000
                                                                                                                                                                                                              File size:676'768 bytes
                                                                                                                                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                Execution Coverage:2.1%
                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                Signature Coverage:7%
                                                                                                                                                                                                                Total number of Nodes:1512
                                                                                                                                                                                                                Total number of Limit Nodes:55
2750f5 40 API calls 94428->94429 94431 27506e ISource 94429->94431 94431->94354 94432->94425 94432->94426 94432->94431 94511 27511f 94432->94511 94434 275107 94433->94434 94435 2b3d70 94433->94435 94538 29e8c4 94434->94538 94438 2e28fe 94559 2e274e 94438->94559 94440 2e2919 94440->94362 94443 29e536 BuildCatchObjectHelperInternal 94441->94443 94442 29e544 94466 29f2d9 20 API calls _abort 94442->94466 94443->94442 94445 29e574 94443->94445 94447 29e579 94445->94447 94448 29e586 94445->94448 94446 29e549 94467 2a27ec 26 API calls _abort 94446->94467 94468 29f2d9 20 API calls _abort 94447->94468 94458 2a8061 94448->94458 94452 29e58f 94453 29e5a2 94452->94453 94454 29e595 94452->94454 94470 29e5d4 LeaveCriticalSection __fread_nolock 94453->94470 94469 29f2d9 20 API calls _abort 94454->94469 94455 29e554 __fread_nolock 94455->94410 94459 2a806d BuildCatchObjectHelperInternal 94458->94459 94471 2a2f5e EnterCriticalSection 94459->94471 94461 2a807b 94472 2a80fb 94461->94472 94465 2a80ac __fread_nolock 94465->94452 94466->94446 94467->94455 94468->94455 94469->94455 94470->94455 94471->94461 94480 2a811e 94472->94480 94473 2a8088 94486 2a80b7 94473->94486 94474 2a8177 94491 2a4c7d 20 API calls 2 library calls 94474->94491 94476 2a8180 94492 2a29c8 94476->94492 94479 2a8189 94479->94473 94498 2a3405 11 API calls 2 library calls 94479->94498 94480->94473 94480->94474 94480->94480 94489 29918d EnterCriticalSection 94480->94489 94490 2991a1 LeaveCriticalSection 94480->94490 94483 2a81a8 94499 29918d EnterCriticalSection 94483->94499 94485 2a81bb 94485->94473 94501 2a2fa6 LeaveCriticalSection 94486->94501 94488 2a80be 94488->94465 94489->94480 94490->94480 94491->94476 94493 2a29d3 RtlFreeHeap 94492->94493 94494 2a29fc _free 94492->94494 94493->94494 94495 2a29e8 94493->94495 94494->94479 94500 29f2d9 20 API calls _abort 94495->94500 94497 2a29ee GetLastError 94497->94494 94498->94483 94499->94485 94500->94497 94501->94488 94503 28fddb 22 API calls 94502->94503 94504 275734 
94503->94504 94504->94420 94506 2742bc FindResourceExW 94505->94506 94507 2742d9 94505->94507 94506->94507 94508 2b35ba LoadResource 94506->94508 94507->94432 94508->94507 94509 2b35cf SizeofResource 94508->94509 94509->94507 94510 2b35e3 LockResource 94509->94510 94510->94507 94512 27512e 94511->94512 94513 2b3d90 94511->94513 94517 29ece3 94512->94517 94516->94425 94520 29eaaa 94517->94520 94519 27513c 94519->94432 94523 29eab6 BuildCatchObjectHelperInternal 94520->94523 94521 29eac2 94533 29f2d9 20 API calls _abort 94521->94533 94522 29eae8 94535 29918d EnterCriticalSection 94522->94535 94523->94521 94523->94522 94526 29eac7 94534 2a27ec 26 API calls _abort 94526->94534 94527 29eaf4 94536 29ec0a 62 API calls 2 library calls 94527->94536 94530 29ead2 __fread_nolock 94530->94519 94531 29eb08 94537 29eb27 LeaveCriticalSection __fread_nolock 94531->94537 94533->94526 94534->94530 94535->94527 94536->94531 94537->94530 94541 29e8e1 94538->94541 94540 275118 94540->94438 94542 29e8ed BuildCatchObjectHelperInternal 94541->94542 94543 29e92d 94542->94543 94544 29e925 __fread_nolock 94542->94544 94548 29e900 ___scrt_fastfail 94542->94548 94556 29918d EnterCriticalSection 94543->94556 94544->94540 94547 29e937 94557 29e6f8 38 API calls 4 library calls 94547->94557 94554 29f2d9 20 API calls _abort 94548->94554 94549 29e91a 94555 2a27ec 26 API calls _abort 94549->94555 94552 29e94e 94558 29e96c LeaveCriticalSection __fread_nolock 94552->94558 94554->94549 94555->94544 94556->94547 94557->94552 94558->94544 94562 29e4e8 94559->94562 94561 2e275d 94561->94440 94565 29e469 94562->94565 94564 29e505 94564->94561 94566 29e478 94565->94566 94567 29e48c 94565->94567 94573 29f2d9 20 API calls _abort 94566->94573 94572 29e488 __alldvrm 94567->94572 94575 2a333f 11 API calls 2 library calls 94567->94575 94569 29e47d 94574 2a27ec 26 API calls _abort 94569->94574 94572->94564 94573->94569 94574->94572 94575->94572 94580 2e2e7a 94576->94580 94577 2e2d3b 94577->94369 94577->94370 94578 
2750f5 40 API calls 94578->94580 94579 2e28fe 27 API calls 94579->94580 94580->94577 94580->94578 94580->94579 94581 27511f 64 API calls 94580->94581 94581->94580 94582->94369 94584 29e684 BuildCatchObjectHelperInternal 94583->94584 94585 29e6aa 94584->94585 94586 29e695 94584->94586 94595 29e6a5 __fread_nolock 94585->94595 94598 29918d EnterCriticalSection 94585->94598 94596 29f2d9 20 API calls _abort 94586->94596 94589 29e69a 94597 2a27ec 26 API calls _abort 94589->94597 94590 29e6c6 94599 29e602 94590->94599 94593 29e6d1 94615 29e6ee LeaveCriticalSection __fread_nolock 94593->94615 94595->94393 94596->94589 94597->94595 94598->94590 94600 29e60f 94599->94600 94601 29e624 94599->94601 94616 29f2d9 20 API calls _abort 94600->94616 94607 29e61f 94601->94607 94618 29dc0b 94601->94618 94603 29e614 94617 2a27ec 26 API calls _abort 94603->94617 94607->94593 94611 29e646 94635 2a862f 94611->94635 94614 2a29c8 _free 20 API calls 94614->94607 94615->94595 94616->94603 94617->94607 94619 29dc23 94618->94619 94623 29dc1f 94618->94623 94620 29d955 __fread_nolock 26 API calls 94619->94620 94619->94623 94621 29dc43 94620->94621 94650 2a59be 62 API calls 6 library calls 94621->94650 94624 2a4d7a 94623->94624 94625 2a4d90 94624->94625 94626 29e640 94624->94626 94625->94626 94627 2a29c8 _free 20 API calls 94625->94627 94628 29d955 94626->94628 94627->94626 94629 29d961 94628->94629 94630 29d976 94628->94630 94651 29f2d9 20 API calls _abort 94629->94651 94630->94611 94632 29d966 94652 2a27ec 26 API calls _abort 94632->94652 94634 29d971 94634->94611 94636 2a863e 94635->94636 94637 2a8653 94635->94637 94653 29f2c6 20 API calls _abort 94636->94653 94639 2a868e 94637->94639 94643 2a867a 94637->94643 94658 29f2c6 20 API calls _abort 94639->94658 94640 2a8643 94654 29f2d9 20 API calls _abort 94640->94654 94655 2a8607 94643->94655 94644 2a8693 94659 29f2d9 20 API calls _abort 94644->94659 94647 29e64c 94647->94607 94647->94614 94648 2a869b 94660 2a27ec 26 API calls _abort 94648->94660 
94650->94623 94651->94632 94652->94634 94653->94640 94654->94647 94661 2a8585 94655->94661 94657 2a862b 94657->94647 94658->94644 94659->94648 94660->94647 94662 2a8591 BuildCatchObjectHelperInternal 94661->94662 94672 2a5147 EnterCriticalSection 94662->94672 94664 2a859f 94665 2a85d1 94664->94665 94666 2a85c6 94664->94666 94688 29f2d9 20 API calls _abort 94665->94688 94673 2a86ae 94666->94673 94669 2a85cc 94689 2a85fb LeaveCriticalSection __wsopen_s 94669->94689 94671 2a85ee __fread_nolock 94671->94657 94672->94664 94690 2a53c4 94673->94690 94675 2a86c4 94703 2a5333 21 API calls 3 library calls 94675->94703 94676 2a86be 94676->94675 94678 2a53c4 __wsopen_s 26 API calls 94676->94678 94687 2a86f6 94676->94687 94681 2a86ed 94678->94681 94679 2a53c4 __wsopen_s 26 API calls 94682 2a8702 CloseHandle 94679->94682 94680 2a871c 94686 2a873e 94680->94686 94704 29f2a3 20 API calls 2 library calls 94680->94704 94684 2a53c4 __wsopen_s 26 API calls 94681->94684 94682->94675 94685 2a870e GetLastError 94682->94685 94684->94687 94685->94675 94686->94669 94687->94675 94687->94679 94688->94669 94689->94671 94691 2a53d1 94690->94691 94692 2a53e6 94690->94692 94705 29f2c6 20 API calls _abort 94691->94705 94697 2a540b 94692->94697 94707 29f2c6 20 API calls _abort 94692->94707 94694 2a53d6 94706 29f2d9 20 API calls _abort 94694->94706 94697->94676 94698 2a5416 94708 29f2d9 20 API calls _abort 94698->94708 94699 2a53de 94699->94676 94701 2a541e 94709 2a27ec 26 API calls _abort 94701->94709 94703->94680 94704->94686 94705->94694 94706->94699 94707->94698 94708->94701 94709->94699 94710 302a55 94718 2e1ebc 94710->94718 94713 302a70 94720 2d39c0 22 API calls 94713->94720 94714 302a87 94716 302a7c 94721 2d417d 22 API calls __fread_nolock 94716->94721 94719 2e1ec3 IsWindow 94718->94719 94719->94713 94719->94714 94720->94716 94721->94714 94722 2a8402 94727 2a81be 94722->94727 94726 2a842a 94732 2a81ef try_get_first_available_module 94727->94732 94729 2a83ee 94746 2a27ec 26 API calls _abort 
94729->94746 94731 2a8343 94731->94726 94739 2b0984 94731->94739 94735 2a8338 94732->94735 94742 298e0b 40 API calls 2 library calls 94732->94742 94734 2a838c 94734->94735 94743 298e0b 40 API calls 2 library calls 94734->94743 94735->94731 94745 29f2d9 20 API calls _abort 94735->94745 94737 2a83ab 94737->94735 94744 298e0b 40 API calls 2 library calls 94737->94744 94747 2b0081 94739->94747 94741 2b099f 94741->94726 94742->94734 94743->94737 94744->94735 94745->94729 94746->94731 94750 2b008d BuildCatchObjectHelperInternal 94747->94750 94748 2b009b 94804 29f2d9 20 API calls _abort 94748->94804 94750->94748 94752 2b00d4 94750->94752 94751 2b00a0 94805 2a27ec 26 API calls _abort 94751->94805 94758 2b065b 94752->94758 94757 2b00aa __fread_nolock 94757->94741 94759 2b0678 94758->94759 94760 2b068d 94759->94760 94761 2b06a6 94759->94761 94821 29f2c6 20 API calls _abort 94760->94821 94807 2a5221 94761->94807 94764 2b06ab 94766 2b06cb 94764->94766 94767 2b06b4 94764->94767 94765 2b0692 94822 29f2d9 20 API calls _abort 94765->94822 94820 2b039a CreateFileW 94766->94820 94823 29f2c6 20 API calls _abort 94767->94823 94771 2b06b9 94824 29f2d9 20 API calls _abort 94771->94824 94773 2b0781 GetFileType 94774 2b078c GetLastError 94773->94774 94775 2b07d3 94773->94775 94827 29f2a3 20 API calls 2 library calls 94774->94827 94829 2a516a 21 API calls 3 library calls 94775->94829 94776 2b0756 GetLastError 94826 29f2a3 20 API calls 2 library calls 94776->94826 94778 2b0704 94778->94773 94778->94776 94825 2b039a CreateFileW 94778->94825 94780 2b079a CloseHandle 94780->94765 94782 2b07c3 94780->94782 94828 29f2d9 20 API calls _abort 94782->94828 94784 2b0749 94784->94773 94784->94776 94786 2b07c8 94786->94765 94787 2b07f4 94788 2b0840 94787->94788 94830 2b05ab 72 API calls 4 library calls 94787->94830 94792 2b086d 94788->94792 94831 2b014d 72 API calls 4 library calls 94788->94831 94791 2b0866 94791->94792 94793 2b087e 94791->94793 94794 2a86ae __wsopen_s 29 API calls 94792->94794 94795 
2b00f8 94793->94795 94796 2b08fc CloseHandle 94793->94796 94794->94795 94806 2b0121 LeaveCriticalSection __wsopen_s 94795->94806 94832 2b039a CreateFileW 94796->94832 94798 2b0927 94799 2b095d 94798->94799 94800 2b0931 GetLastError 94798->94800 94799->94795 94833 29f2a3 20 API calls 2 library calls 94800->94833 94802 2b093d 94834 2a5333 21 API calls 3 library calls 94802->94834 94804->94751 94805->94757 94806->94757 94808 2a522d BuildCatchObjectHelperInternal 94807->94808 94835 2a2f5e EnterCriticalSection 94808->94835 94810 2a527b 94836 2a532a 94810->94836 94812 2a5259 94839 2a5000 21 API calls 3 library calls 94812->94839 94813 2a5234 94813->94810 94813->94812 94817 2a52c7 EnterCriticalSection 94813->94817 94814 2a52a4 __fread_nolock 94814->94764 94816 2a525e 94816->94810 94840 2a5147 EnterCriticalSection 94816->94840 94817->94810 94818 2a52d4 LeaveCriticalSection 94817->94818 94818->94813 94820->94778 94821->94765 94822->94795 94823->94771 94824->94765 94825->94784 94826->94765 94827->94780 94828->94786 94829->94787 94830->94788 94831->94791 94832->94798 94833->94802 94834->94799 94835->94813 94841 2a2fa6 LeaveCriticalSection 94836->94841 94838 2a5331 94838->94814 94839->94816 94840->94810 94841->94838 94842 2b2402 94845 271410 94842->94845 94846 2b24b8 DestroyWindow 94845->94846 94847 27144f mciSendStringW 94845->94847 94860 2b24c4 94846->94860 94848 2716c6 94847->94848 94849 27146b 94847->94849 94848->94849 94850 2716d5 UnregisterHotKey 94848->94850 94851 271479 94849->94851 94849->94860 94850->94848 94878 27182e 94851->94878 94854 2b2509 94859 2b252d 94854->94859 94861 2b251c FreeLibrary 94854->94861 94855 2b24d8 94855->94860 94884 276246 CloseHandle 94855->94884 94856 2b24e2 FindClose 94856->94860 94857 27148e 94857->94859 94865 27149c 94857->94865 94862 2b2541 VirtualFree 94859->94862 94867 271509 94859->94867 94860->94854 94860->94855 94860->94856 94861->94854 94862->94859 94863 2714f8 CoUninitialize 94863->94867 94864 2b2589 94871 2b2598 ISource 
94864->94871 94885 2e32eb 6 API calls ISource 94864->94885 94865->94863 94867->94864 94868 271514 94867->94868 94882 271944 VirtualFreeEx CloseHandle 94868->94882 94870 27153a 94873 271561 94870->94873 94874 2b2627 94871->94874 94886 2d64d4 22 API calls ISource 94871->94886 94873->94871 94875 27161f 94873->94875 94874->94874 94875->94874 94883 271876 CloseHandle InternetCloseHandle InternetCloseHandle WaitForSingleObject 94875->94883 94877 2716c1 94879 27183b 94878->94879 94880 271480 94879->94880 94887 2d702a 22 API calls 94879->94887 94880->94854 94880->94857 94882->94870 94883->94877 94884->94855 94885->94864 94886->94871 94887->94879 94888 271cad SystemParametersInfoW 94889 2c2a00 94904 27d7b0 ISource 94889->94904 94890 27db11 PeekMessageW 94890->94904 94891 27d807 GetInputState 94891->94890 94891->94904 94893 2c1cbe TranslateAcceleratorW 94893->94904 94894 27da04 timeGetTime 94894->94904 94895 27db73 TranslateMessage DispatchMessageW 94896 27db8f PeekMessageW 94895->94896 94896->94904 94897 27dbaf Sleep 94897->94904 94898 2c2b74 Sleep 94911 2c2a51 94898->94911 94901 2c1dda timeGetTime 95050 28e300 23 API calls 94901->95050 94904->94890 94904->94891 94904->94893 94904->94894 94904->94895 94904->94896 94904->94897 94904->94898 94904->94901 94906 27d9d5 94904->94906 94904->94911 94921 27dd50 94904->94921 94928 281310 94904->94928 94985 27bf40 94904->94985 95043 28edf6 94904->95043 95048 27dfd0 348 API calls 3 library calls 94904->95048 95049 28e551 timeGetTime 94904->95049 95051 2e3a2a 23 API calls 94904->95051 95052 27ec40 94904->95052 95076 2e359c 82 API calls __wsopen_s 94904->95076 94905 2c2c0b GetExitCodeProcess 94908 2c2c37 CloseHandle 94905->94908 94909 2c2c21 WaitForSingleObject 94905->94909 94908->94911 94909->94904 94909->94908 94910 3029bf GetForegroundWindow 94910->94911 94911->94904 94911->94905 94911->94906 94911->94910 94912 2c2ca9 Sleep 94911->94912 95077 2f5658 23 API calls 94911->95077 95078 2de97b QueryPerformanceCounter 
QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 94911->95078 95079 28e551 timeGetTime 94911->95079 95080 2dd4dc CreateToolhelp32Snapshot Process32FirstW 94911->95080 94912->94904 94922 27dd83 94921->94922 94923 27dd6f 94921->94923 95122 2e359c 82 API calls __wsopen_s 94922->95122 95090 27d260 94923->95090 94925 27dd7a 94925->94904 94927 2c2f75 94927->94927 94929 2817b0 94928->94929 94930 281376 94928->94930 95161 290242 5 API calls __Init_thread_wait 94929->95161 94932 281390 94930->94932 94933 2c6331 94930->94933 94934 281940 9 API calls 94932->94934 95181 2f709c 348 API calls 94933->95181 94937 2813a0 94934->94937 94936 2817ba 94939 2817fb 94936->94939 95162 279cb3 94936->95162 94940 281940 9 API calls 94937->94940 94938 2c633d 94938->94904 94943 2c6346 94939->94943 94945 28182c 94939->94945 94942 2813b6 94940->94942 94942->94939 94944 2813ec 94942->94944 95182 2e359c 82 API calls __wsopen_s 94943->95182 94944->94943 94968 281408 __fread_nolock 94944->94968 95169 27aceb 94945->95169 94948 281839 95179 28d217 348 API calls 94948->95179 94949 2817d4 95168 2901f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 94949->95168 94952 2c636e 95183 2e359c 82 API calls __wsopen_s 94952->95183 94953 28152f 94955 28153c 94953->94955 94956 2c63d1 94953->94956 94957 281940 9 API calls 94955->94957 95185 2f5745 54 API calls _wcslen 94956->95185 94959 281549 94957->94959 94962 2c64fa 94959->94962 94964 281940 9 API calls 94959->94964 94960 28fddb 22 API calls 94960->94968 94961 28fe0b 22 API calls 94961->94968 94972 2c6369 94962->94972 95187 2e359c 82 API calls __wsopen_s 94962->95187 94963 281872 95180 28faeb 23 API calls 94963->95180 94970 281563 94964->94970 94967 27ec40 348 API calls 94967->94968 94968->94948 94968->94952 94968->94953 94968->94960 94968->94961 94968->94967 94969 2c63b2 94968->94969 94968->94972 95184 2e359c 82 API calls __wsopen_s 94969->95184 94970->94962 94975 2815c7 ISource 94970->94975 95186 27a8c7 22 API calls __fread_nolock 
94970->95186 94972->94904 94974 281940 9 API calls 94974->94975 94975->94962 94975->94963 94975->94972 94975->94974 94977 28167b ISource 94975->94977 95132 301591 94975->95132 95135 2e5c5a 94975->95135 95140 2fab67 94975->95140 95143 2fa2ea 94975->95143 95148 2fabf7 94975->95148 95153 28f645 94975->95153 94976 28171d 94976->94904 94977->94976 95160 28ce17 22 API calls ISource 94977->95160 95361 27adf0 94985->95361 94987 27bf9d 94988 2c04b6 94987->94988 94989 27bfa9 94987->94989 95379 2e359c 82 API calls __wsopen_s 94988->95379 94991 2c04c6 94989->94991 94992 27c01e 94989->94992 95380 2e359c 82 API calls __wsopen_s 94991->95380 95366 27ac91 94992->95366 94995 2d7120 22 API calls 95029 27c039 ISource __fread_nolock 94995->95029 94996 27c7da 95000 28fe0b 22 API calls 94996->95000 95005 27c808 __fread_nolock 95000->95005 95002 2c04f5 95006 2c055a 95002->95006 95381 28d217 348 API calls 95002->95381 95011 28fe0b 22 API calls 95005->95011 95042 27c603 95006->95042 95382 2e359c 82 API calls __wsopen_s 95006->95382 95007 27ec40 348 API calls 95007->95029 95008 28fddb 22 API calls 95008->95029 95009 27af8a 22 API calls 95009->95029 95010 2c091a 95391 2e3209 23 API calls 95010->95391 95028 27c350 ISource __fread_nolock 95011->95028 95014 2c08a5 95015 27ec40 348 API calls 95014->95015 95017 2c08cf 95015->95017 95017->95042 95389 27a81b 41 API calls 95017->95389 95018 2c0591 95383 2e359c 82 API calls __wsopen_s 95018->95383 95021 2c08f6 95390 2e359c 82 API calls __wsopen_s 95021->95390 95024 27c3ac 95024->94904 95025 27aceb 23 API calls 95025->95029 95026 27c237 95027 27c253 95026->95027 95392 27a8c7 22 API calls __fread_nolock 95026->95392 95031 2c0976 95027->95031 95035 27c297 ISource 95027->95035 95028->95024 95378 28ce17 22 API calls ISource 95028->95378 95029->94995 95029->94996 95029->95002 95029->95005 95029->95006 95029->95007 95029->95008 95029->95009 95029->95010 95029->95014 95029->95018 95029->95021 95029->95025 95029->95026 95034 2c09bf 95029->95034 95038 27bbe0 
40 API calls 95029->95038 95041 28fe0b 22 API calls 95029->95041 95029->95042 95370 27ad81 95029->95370 95384 2d7099 22 API calls __fread_nolock 95029->95384 95385 2f5745 54 API calls _wcslen 95029->95385 95386 28aa42 22 API calls ISource 95029->95386 95387 2df05c 40 API calls 95029->95387 95388 27a993 41 API calls 95029->95388 95033 27aceb 23 API calls 95031->95033 95033->95034 95034->95042 95393 2e359c 82 API calls __wsopen_s 95034->95393 95035->95034 95036 27aceb 23 API calls 95035->95036 95037 27c335 95036->95037 95037->95034 95039 27c342 95037->95039 95038->95029 95377 27a704 22 API calls ISource 95039->95377 95041->95029 95042->94904 95044 28ee09 95043->95044 95047 28ee12 95043->95047 95044->94904 95045 28ee36 IsDialogMessageW 95045->95044 95045->95047 95046 2cefaf GetClassLongW 95046->95045 95046->95047 95047->95044 95047->95045 95047->95046 95048->94904 95049->94904 95050->94904 95051->94904 95071 27ec76 ISource 95052->95071 95053 2900a3 29 API calls pre_c_initialization 95053->95071 95054 28fddb 22 API calls 95054->95071 95056 27fef7 95069 27ed9d ISource 95056->95069 95406 27a8c7 22 API calls __fread_nolock 95056->95406 95058 2c4600 95058->95069 95405 27a8c7 22 API calls __fread_nolock 95058->95405 95059 2c4b0b 95408 2e359c 82 API calls __wsopen_s 95059->95408 95060 27a8c7 22 API calls 95060->95071 95066 290242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 95066->95071 95067 27fbe3 95067->95069 95070 2c4bdc 95067->95070 95075 27f3ae ISource 95067->95075 95068 27a961 22 API calls 95068->95071 95069->94904 95409 2e359c 82 API calls __wsopen_s 95070->95409 95071->95053 95071->95054 95071->95056 95071->95058 95071->95059 95071->95060 95071->95066 95071->95067 95071->95068 95071->95069 95073 2c4beb 95071->95073 95074 2901f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 95071->95074 95071->95075 95403 2801e0 348 API calls 2 library calls 95071->95403 95404 2806a0 41 
API calls ISource 95071->95404 95410 2e359c 82 API calls __wsopen_s 95073->95410 95074->95071 95075->95069 95407 2e359c 82 API calls __wsopen_s 95075->95407 95076->94904 95077->94911 95078->94911 95079->94911 95411 2ddef7 95080->95411 95082 2dd529 Process32NextW 95083 2dd5db CloseHandle 95082->95083 95089 2dd522 95082->95089 95083->94911 95084 27a961 22 API calls 95084->95089 95085 279cb3 22 API calls 95085->95089 95089->95082 95089->95083 95089->95084 95089->95085 95417 27525f 22 API calls 95089->95417 95418 276350 22 API calls 95089->95418 95419 28ce60 41 API calls 95089->95419 95091 27ec40 348 API calls 95090->95091 95108 27d29d 95091->95108 95092 2c1bc4 95131 2e359c 82 API calls __wsopen_s 95092->95131 95094 27d30b ISource 95094->94925 95095 27d6d5 95095->95094 95106 28fe0b 22 API calls 95095->95106 95096 27d3c3 95096->95095 95098 27d3ce 95096->95098 95097 27d5ff 95100 27d614 95097->95100 95101 2c1bb5 95097->95101 95099 28fddb 22 API calls 95098->95099 95111 27d3d5 __fread_nolock 95099->95111 95103 28fddb 22 API calls 95100->95103 95130 2f5705 23 API calls 95101->95130 95102 27d4b8 95107 28fe0b 22 API calls 95102->95107 95114 27d46a 95103->95114 95105 28fddb 22 API calls 95105->95108 95106->95111 95117 27d429 ISource __fread_nolock 95107->95117 95108->95092 95108->95094 95108->95095 95108->95096 95108->95102 95108->95105 95108->95117 95109 28fddb 22 API calls 95110 27d3f6 95109->95110 95110->95117 95123 27bec0 348 API calls 95110->95123 95111->95109 95111->95110 95113 2c1ba4 95129 2e359c 82 API calls __wsopen_s 95113->95129 95114->94925 95117->95097 95117->95113 95117->95114 95118 2c1b7f 95117->95118 95120 2c1b5d 95117->95120 95124 271f6f 95117->95124 95128 2e359c 82 API calls __wsopen_s 95118->95128 95127 2e359c 82 API calls __wsopen_s 95120->95127 95122->94927 95123->95117 95125 27ec40 348 API calls 95124->95125 95126 271f98 95125->95126 95126->95117 95127->95114 95128->95114 95129->95114 95130->95092 95131->95094 95188 302ad8 95132->95188 95134 30159f 
95134->94975 95136 277510 53 API calls 95135->95136 95137 2e5c6d 95136->95137 95226 2ddbbe lstrlenW 95137->95226 95139 2e5c77 95139->94975 95231 2faff9 95140->95231 95144 277510 53 API calls 95143->95144 95145 2fa306 95144->95145 95146 2dd4dc 47 API calls 95145->95146 95147 2fa315 95146->95147 95147->94975 95149 2faff9 217 API calls 95148->95149 95151 2fac0c 95149->95151 95150 2fac54 95150->94975 95151->95150 95152 27aceb 23 API calls 95151->95152 95152->95150 95154 27b567 39 API calls 95153->95154 95155 28f659 95154->95155 95156 2cf2dc Sleep 95155->95156 95157 28f661 timeGetTime 95155->95157 95158 27b567 39 API calls 95157->95158 95159 28f677 95158->95159 95159->94975 95160->94977 95161->94936 95163 279cc2 _wcslen 95162->95163 95164 28fe0b 22 API calls 95163->95164 95165 279cea __fread_nolock 95164->95165 95166 28fddb 22 API calls 95165->95166 95167 279d00 95166->95167 95167->94949 95168->94939 95170 27acf9 95169->95170 95174 27ad2a ISource 95169->95174 95171 27ad55 95170->95171 95172 27ad01 ISource 95170->95172 95171->95174 95359 27a8c7 22 API calls __fread_nolock 95171->95359 95172->95174 95175 2bfa48 95172->95175 95176 27ad21 95172->95176 95174->94948 95175->95174 95360 28ce17 22 API calls ISource 95175->95360 95176->95174 95177 2bfa3a VariantClear 95176->95177 95177->95174 95179->94963 95180->94963 95181->94938 95182->94972 95183->94972 95184->94972 95185->94970 95186->94975 95187->94972 95189 27aceb 23 API calls 95188->95189 95190 302af3 95189->95190 95191 302b1d 95190->95191 95192 302aff 95190->95192 95194 276b57 22 API calls 95191->95194 95198 277510 95192->95198 95196 302b1b 95194->95196 95196->95134 95199 277525 95198->95199 95215 277522 95198->95215 95200 27752d 95199->95200 95201 27755b 95199->95201 95222 2951c6 26 API calls 95200->95222 95205 27756d 95201->95205 95210 2b500f 95201->95210 95211 2b50f6 95201->95211 95203 27753d 95209 28fddb 22 API calls 95203->95209 95223 28fb21 51 API calls 95205->95223 95206 2b510e 95206->95206 95212 277547 
95209->95212 95214 28fe0b 22 API calls 95210->95214 95220 2b5088 95210->95220 95225 295183 26 API calls 95211->95225 95213 279cb3 22 API calls 95212->95213 95213->95215 95216 2b5058 95214->95216 95215->95196 95221 27a8c7 22 API calls __fread_nolock 95215->95221 95217 28fddb 22 API calls 95216->95217 95218 2b507f 95217->95218 95219 279cb3 22 API calls 95218->95219 95219->95220 95224 28fb21 51 API calls 95220->95224 95221->95196 95222->95203 95223->95203 95224->95211 95225->95206 95227 2ddbdc GetFileAttributesW 95226->95227 95228 2ddc06 95226->95228 95227->95228 95229 2ddbe8 FindFirstFileW 95227->95229 95228->95139 95229->95228 95230 2ddbf9 FindClose 95229->95230 95230->95228 95232 2fb01d ___scrt_fastfail 95231->95232 95233 2fb058 95232->95233 95234 2fb094 95232->95234 95329 27b567 95233->95329 95238 27b567 39 API calls 95234->95238 95239 2fb08b 95234->95239 95236 2fb063 95236->95239 95242 27b567 39 API calls 95236->95242 95237 2fb0ed 95240 277510 53 API calls 95237->95240 95241 2fb0a5 95238->95241 95239->95237 95243 27b567 39 API calls 95239->95243 95244 2fb10b 95240->95244 95245 27b567 39 API calls 95241->95245 95246 2fb078 95242->95246 95243->95237 95322 277620 95244->95322 95245->95239 95248 27b567 39 API calls 95246->95248 95248->95239 95249 2fb115 95250 2fb11f 95249->95250 95251 2fb1d8 95249->95251 95253 277510 53 API calls 95250->95253 95252 2fb20a GetCurrentDirectoryW 95251->95252 95254 277510 53 API calls 95251->95254 95255 28fe0b 22 API calls 95252->95255 95256 2fb130 95253->95256 95259 2fb1ef 95254->95259 95257 2fb22f GetCurrentDirectoryW 95255->95257 95258 277620 22 API calls 95256->95258 95260 2fb23c 95257->95260 95261 2fb13a 95258->95261 95262 277620 22 API calls 95259->95262 95265 2fb275 95260->95265 95334 279c6e 22 API calls 95260->95334 95263 277510 53 API calls 95261->95263 95264 2fb1f9 _wcslen 95262->95264 95266 2fb14b 95263->95266 95264->95252 95264->95265 95273 2fb28b 95265->95273 95274 2fb287 95265->95274 95268 277620 22 API calls 95266->95268 
95270 2fb155 95268->95270 95269 2fb255 95335 279c6e 22 API calls 95269->95335 95272 277510 53 API calls 95270->95272 95276 2fb166 95272->95276 95337 2e07c0 10 API calls 95273->95337 95278 2fb39a CreateProcessW 95274->95278 95279 2fb2f8 95274->95279 95275 2fb265 95336 279c6e 22 API calls 95275->95336 95281 277620 22 API calls 95276->95281 95321 2fb32f _wcslen 95278->95321 95340 2d11c8 39 API calls 95279->95340 95285 2fb170 95281->95285 95282 2fb294 95338 2e06e6 10 API calls 95282->95338 95288 2fb1a6 GetSystemDirectoryW 95285->95288 95293 277510 53 API calls 95285->95293 95286 2fb2aa 95339 2e05a7 8 API calls 95286->95339 95287 2fb2fd 95291 2fb32a 95287->95291 95292 2fb323 95287->95292 95290 28fe0b 22 API calls 95288->95290 95295 2fb1cb GetSystemDirectoryW 95290->95295 95342 2d14ce 6 API calls 95291->95342 95341 2d1201 128 API calls 2 library calls 95292->95341 95297 2fb187 95293->95297 95294 2fb2d0 95294->95274 95295->95260 95300 277620 22 API calls 95297->95300 95299 2fb328 95299->95321 95303 2fb191 _wcslen 95300->95303 95301 2fb42f CloseHandle 95304 2fb43f 95301->95304 95311 2fb49a 95301->95311 95302 2fb3d6 GetLastError 95314 2fb41a 95302->95314 95303->95260 95303->95288 95305 2fb446 CloseHandle 95304->95305 95306 2fb451 95304->95306 95305->95306 95308 2fb458 CloseHandle 95306->95308 95309 2fb463 95306->95309 95308->95309 95312 2fb46a CloseHandle 95309->95312 95313 2fb475 95309->95313 95310 2fb4a6 95310->95314 95311->95310 95317 2fb4d2 CloseHandle 95311->95317 95312->95313 95343 2e09d9 34 API calls 95313->95343 95326 2e0175 95314->95326 95317->95314 95319 2fb486 95344 2fb536 25 API calls 95319->95344 95321->95301 95321->95302 95323 27762a _wcslen 95322->95323 95324 28fe0b 22 API calls 95323->95324 95325 27763f 95324->95325 95325->95249 95345 2e030f 95326->95345 95330 27b578 95329->95330 95331 27b57f 95329->95331 95330->95331 95358 2962d1 39 API calls 95330->95358 95331->95236 95333 27b5c2 95333->95236 95334->95269 95335->95275 95336->95265 95337->95282 95338->95286 
95339->95294 95340->95287 95341->95299 95342->95321 95343->95319 95344->95311 95346 2e0329 95345->95346 95347 2e0321 CloseHandle 95345->95347 95348 2e032e CloseHandle 95346->95348 95349 2e0336 95346->95349 95347->95346 95348->95349 95350 2e033b CloseHandle 95349->95350 95351 2e0343 95349->95351 95350->95351 95352 2e0348 CloseHandle 95351->95352 95353 2e0350 95351->95353 95352->95353 95354 2e035d 95353->95354 95355 2e0355 CloseHandle 95353->95355 95356 2e017d 95354->95356 95357 2e0362 CloseHandle 95354->95357 95355->95354 95356->94975 95357->95356 95358->95333 95359->95174 95360->95174 95362 27ae01 95361->95362 95365 27ae1c ISource 95361->95365 95363 27aec9 22 API calls 95362->95363 95364 27ae09 CharUpperBuffW 95363->95364 95364->95365 95365->94987 95368 27acae 95366->95368 95367 27acd1 95367->95029 95368->95367 95394 2e359c 82 API calls __wsopen_s 95368->95394 95371 2bfadb 95370->95371 95372 27ad92 95370->95372 95373 28fddb 22 API calls 95372->95373 95374 27ad99 95373->95374 95395 27adcd 95374->95395 95377->95028 95378->95028 95379->94991 95380->95042 95381->95006 95382->95042 95383->95042 95384->95029 95385->95029 95386->95029 95387->95029 95388->95029 95389->95021 95390->95042 95391->95026 95392->95027 95393->95042 95394->95367 95399 27addd 95395->95399 95396 27adb6 95396->95029 95397 28fddb 22 API calls 95397->95399 95398 27a961 22 API calls 95398->95399 95399->95396 95399->95397 95399->95398 95401 27adcd 22 API calls 95399->95401 95402 27a8c7 22 API calls __fread_nolock 95399->95402 95401->95399 95402->95399 95403->95071 95404->95071 95405->95069 95406->95069 95407->95069 95408->95069 95409->95073 95410->95069 95412 2ddf02 95411->95412 95413 2ddf19 95412->95413 95416 2ddf1f 95412->95416 95420 2963b2 GetStringTypeW _strftime 95412->95420 95421 2962fb 39 API calls 95413->95421 95416->95089 95417->95089 95418->95089 95419->95089 95420->95412 95421->95416 95422 2b2ba5 95423 272b25 95422->95423 95424 2b2baf 95422->95424 95450 272b83 7 API calls 95423->95450 95468 

Control-flow Graph (function 2742de)
APIs
• GetVersionExW.KERNEL32(?), ref: 0027430D
  • Part of subcall function 00276B57: _wcslen.LIBCMT ref: 00276B6A
• GetCurrentProcess.KERNEL32(?,0030CB64,00000000,?,?), ref: 00274422
• IsWow64Process.KERNEL32(00000000,?,?), ref: 00274429
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00274454
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00274466
• GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 00274474
• FreeLibrary.KERNEL32(00000000,?,?), ref: 0027447B
• GetSystemInfo.KERNEL32(?,?,?), ref: 002744A0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_270000_file.jbxd
Similarity
• API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
• String ID: GetNativeSystemInfo$kernel32.dll$|O
• API String ID: 3290436268-3101561225

Control-flow Graph (function 2742a2)
APIs
• CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,002750AA,?,?,00000000,00000000), ref: 002742B2
• FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,002750AA,?,?,00000000,00000000), ref: 002742C9
• LoadResource.KERNEL32(?,00000000,?,?,002750AA,?,?,00000000,00000000,?,?,?,?,?,?,00274F20), ref: 002B35BE
• SizeofResource.KERNEL32(?,00000000,?,?,002750AA,?,?,00000000,00000000,?,?,?,?,?,?,00274F20), ref: 002B35D3
• LockResource.KERNEL32(002750AA,?,?,002750AA,?,?,00000000,00000000,?,?,?,?,?,?,00274F20,?), ref: 002B35E6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_270000_file.jbxd
Similarity
• API ID: Resource$CreateFindGlobalLoadLockSizeofStream
• String ID: SCRIPT
• API String ID: 3051347437-3967369404
                                                                                                                                                                                                                • Opcode ID: 0c6044b378e53440493f17075530fc4a6388251ee2418091863a74e01682481e
                                                                                                                                                                                                                • Instruction ID: 3664bd838c7108ec29a0df84ba7c6dbdf714102499bfd0905abfcae2226945c2
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0c6044b378e53440493f17075530fc4a6388251ee2418091863a74e01682481e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5A117070211701BFDB229F66DC48F677BBDEBC5B51F20866AF80696690DB71D820CA20

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00272B6B
                                                                                                                                                                                                                  • Part of subcall function 00273A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00341418,?,00272E7F,?,?,?,00000000), ref: 00273A78
                                                                                                                                                                                                                  • Part of subcall function 00279CB3: _wcslen.LIBCMT ref: 00279CBD
                                                                                                                                                                                                                • GetForegroundWindow.USER32(runas,?,?,?,?,?,00332224), ref: 002B2C10
                                                                                                                                                                                                                • ShellExecuteW.SHELL32(00000000,?,?,00332224), ref: 002B2C17
                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                                                                                                                                                                                • String ID: runas
                                                                                                                                                                                                                • API String ID: 448630720-4000483414
                                                                                                                                                                                                                • Opcode ID: ee17c8ae709eb0ba53f46432ce338258e922a42209b35ec68dd7838474d94e17
                                                                                                                                                                                                                • Instruction ID: f3538735997936031456aa36814b3a5b2f1453cca9f900359026bbdba314e47c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ee17c8ae709eb0ba53f46432ce338258e922a42209b35ec68dd7838474d94e17
                                                                                                                                                                                                                • Instruction Fuzzy Hash: DE110631228305AAC716FF20D892EAE77A89F91744F04942DF08A560A3CF3095ADDB52

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                control_flow_graph 1239 2dd4dc-2dd524 CreateToolhelp32Snapshot Process32FirstW call 2ddef7 1242 2dd5d2-2dd5d5 1239->1242 1243 2dd529-2dd538 Process32NextW 1242->1243 1244 2dd5db-2dd5ea CloseHandle 1242->1244 1243->1244 1245 2dd53e-2dd5ad call 27a961 * 2 call 279cb3 call 27525f call 27988f call 276350 call 28ce60 1243->1245 1260 2dd5af-2dd5b1 1245->1260 1261 2dd5b7-2dd5be 1245->1261 1262 2dd5c0-2dd5cd call 27988f * 2 1260->1262 1263 2dd5b3-2dd5b5 1260->1263 1261->1262 1262->1242 1263->1261 1263->1262
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32 ref: 002DD501
                                                                                                                                                                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 002DD50F
                                                                                                                                                                                                                • Process32NextW.KERNEL32(00000000,?), ref: 002DD52F
                                                                                                                                                                                                                • CloseHandle.KERNELBASE(00000000), ref: 002DD5DC
Memory Dump Source
• Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 420147892-0
                                                                                                                                                                                                                • Opcode ID: c4714b460d83d95fb7fc22486b08cc1869b6a465ea74e38ba86db31685f9fe2e
                                                                                                                                                                                                                • Instruction ID: 45463ce99f2a5d2a324133ea7399722eeb1c0e9398176aaddc93f2dec73cf071
                                                                                                                                                                                                                • Opcode Fuzzy Hash: c4714b460d83d95fb7fc22486b08cc1869b6a465ea74e38ba86db31685f9fe2e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6431E4310183019FD301EF54D881EAFBBF8EF99354F50492EF585822A2EB719955CB93

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                control_flow_graph 1267 2ddbbe-2ddbda lstrlenW 1268 2ddbdc-2ddbe6 GetFileAttributesW 1267->1268 1269 2ddc06 1267->1269 1270 2ddc09-2ddc0d 1268->1270 1271 2ddbe8-2ddbf7 FindFirstFileW 1268->1271 1269->1270 1271->1269 1272 2ddbf9-2ddc04 FindClose 1271->1272 1272->1270
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • lstrlenW.KERNEL32(?,002B5222), ref: 002DDBCE
                                                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(?), ref: 002DDBDD
                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 002DDBEE
                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 002DDBFA
Memory Dump Source
• Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2695905019-0
                                                                                                                                                                                                                • Opcode ID: d7ea3aa552f01a25cef22422ced80a1479623811681781955b25c0b47e9270dc
                                                                                                                                                                                                                • Instruction ID: e42b57f4e6f0b8149468d602666d40ad5b1db3c43c1bbc4781c6e89a5db9d86f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d7ea3aa552f01a25cef22422ced80a1479623811681781955b25c0b47e9270dc
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A7F0A03083191057C2216F78AC0E8BA376C9E01334FA04B03F836C22E1EBB05D648695
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(002A28E9,?,00294CBE,002A28E9,003388B8,0000000C,00294E15,002A28E9,00000002,00000000,?,002A28E9), ref: 00294D09
                                                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000,?,00294CBE,002A28E9,003388B8,0000000C,00294E15,002A28E9,00000002,00000000,?,002A28E9), ref: 00294D10
                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00294D22
Memory Dump Source
• Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1703294689-0
                                                                                                                                                                                                                • Opcode ID: 7a40148af878386a6c9f65a0b145af71cdf69642941434b9d5d1649e99834d1e
                                                                                                                                                                                                                • Instruction ID: 515e1d8d0f584a636c35f61be997f1d61e4fe8c0f7afdfb82b7547019b245f63
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7a40148af878386a6c9f65a0b145af71cdf69642941434b9d5d1649e99834d1e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5FE0B635031148ABCF16BF54DD19E583B6DFB4A781F108155FC058A122CB39DD62CA90
                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: BuffCharUpper
                                                                                                                                                                                                                • String ID: p#4
                                                                                                                                                                                                                • API String ID: 3964851224-883765910
                                                                                                                                                                                                                • Opcode ID: 827ed79c984f12d240f9dd88752feb45b7ee9684793c8b765171571b96d177a6
                                                                                                                                                                                                                • Instruction ID: 97b0911a22068d838a0a0f68f0e190a34feac3cde73ab7d43094e37a8f94ed9c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 827ed79c984f12d240f9dd88752feb45b7ee9684793c8b765171571b96d177a6
                                                                                                                                                                                                                • Instruction Fuzzy Hash: EFA24874628341CFD724DF24C480B2AB7E1BF89304F24896DE99A9B352D771E865CF92

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002FB198
                                                                                                                                                                                                                • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 002FB1B0
                                                                                                                                                                                                                • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 002FB1D4
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002FB200
                                                                                                                                                                                                                • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 002FB214
                                                                                                                                                                                                                • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 002FB236
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002FB332
                                                                                                                                                                                                                  • Part of subcall function 002E05A7: GetStdHandle.KERNEL32(000000F6), ref: 002E05C6
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002FB34B
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002FB366
                                                                                                                                                                                                                • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 002FB3B6
                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000), ref: 002FB407
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 002FB439
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 002FB44A
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 002FB45C
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 002FB46E
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 002FB4E3
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2178637699-0
                                                                                                                                                                                                                • Opcode ID: ee7bb0686a57d63588291eca18d021c865b3e118afee7262118d0ce4eaf6d75c
                                                                                                                                                                                                                • Instruction ID: 1fc39df75216a5fc3b6b62a8253011d02795e00e4c32a948165ac46ac663a53c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ee7bb0686a57d63588291eca18d021c865b3e118afee7262118d0ce4eaf6d75c
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 69F1CD316243459FC716EF24C891B2EBBE5AF85350F14856DF9898B2A2CB31EC60CF52
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetInputState.USER32 ref: 0027D807
                                                                                                                                                                                                                • timeGetTime.WINMM ref: 0027DA07
                                                                                                                                                                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0027DB28
                                                                                                                                                                                                                • TranslateMessage.USER32(?), ref: 0027DB7B
                                                                                                                                                                                                                • DispatchMessageW.USER32(?), ref: 0027DB89
                                                                                                                                                                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0027DB9F
                                                                                                                                                                                                                • Sleep.KERNELBASE(0000000A), ref: 0027DBB1
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2189390790-0
                                                                                                                                                                                                                • Opcode ID: cc00cefb7b4a79334edcdaeb3fc408be2f1ffb89d0566a4d36e5a1af1828e104
                                                                                                                                                                                                                • Instruction ID: afac1553cfdb23a33848b5a8b94e21f33e9779d937858a80670dd02584f1e832
                                                                                                                                                                                                                • Opcode Fuzzy Hash: cc00cefb7b4a79334edcdaeb3fc408be2f1ffb89d0566a4d36e5a1af1828e104
                                                                                                                                                                                                                • Instruction Fuzzy Hash: D642E130624342DFD729CF24C845F6AB7B4BF86304F14865EE5598B291DBB0E868CF92

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetSysColorBrush.USER32(0000000F), ref: 00272D07
                                                                                                                                                                                                                • RegisterClassExW.USER32(00000030), ref: 00272D31
                                                                                                                                                                                                                • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00272D42
                                                                                                                                                                                                                • InitCommonControlsEx.COMCTL32(?), ref: 00272D5F
                                                                                                                                                                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00272D6F
                                                                                                                                                                                                                • LoadIconW.USER32(000000A9), ref: 00272D85
                                                                                                                                                                                                                • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00272D94
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                                                                                                                • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                                                                                • API String ID: 2914291525-1005189915
                                                                                                                                                                                                                • Opcode ID: b51f193972f78ec97382e0cfbd32e7ea543c14e1b706afc6ba4ec15d75dedc35
                                                                                                                                                                                                                • Instruction ID: 1587db24e44e44b8ea6559fa76349ee1c89e716b86bae9c5f67dc7114cf84652
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b51f193972f78ec97382e0cfbd32e7ea543c14e1b706afc6ba4ec15d75dedc35
                                                                                                                                                                                                                • Instruction Fuzzy Hash: B621F9B9922308AFDB02DF94EC59BDD7BB8FB09700F00521AF511AA2A0DBB15584CF94

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 002B039A: CreateFileW.KERNELBASE(00000000,00000000,?,002B0704,?,?,00000000,?,002B0704,00000000,0000000C), ref: 002B03B7
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 002B076F
                                                                                                                                                                                                                • __dosmaperr.LIBCMT ref: 002B0776
                                                                                                                                                                                                                • GetFileType.KERNELBASE(00000000), ref: 002B0782
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 002B078C
                                                                                                                                                                                                                • __dosmaperr.LIBCMT ref: 002B0795
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 002B07B5
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 002B08FF
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 002B0931
                                                                                                                                                                                                                • __dosmaperr.LIBCMT ref: 002B0938
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                • String ID: H
                                                                                                                                                                                                                • API String ID: 4237864984-2852464175
                                                                                                                                                                                                                • Opcode ID: 461b1808c245d9da0e9e0a624a2788d810868f92f101188655fa0d93927d271b
                                                                                                                                                                                                                • Instruction ID: aef37167fca16945dda8380218f7ade3713d7ff2c2a165920136133b6e9b5ccd
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 461b1808c245d9da0e9e0a624a2788d810868f92f101188655fa0d93927d271b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 89A13636A241058FDF1AEF68D891BEE7BA4AB06360F140199F815DF2D1CB319D22CF91

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00273A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00341418,?,00272E7F,?,?,?,00000000), ref: 00273A78
                                                                                                                                                                                                                  • Part of subcall function 00273357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00273379
                                                                                                                                                                                                                • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 0027356A
                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 002B318D
                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 002B31CE
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 002B3210
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002B3277
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002B3286
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                                                                                                                                                                • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                                                                                                                                                                • API String ID: 98802146-2727554177
                                                                                                                                                                                                                • Opcode ID: b527004afafa7046c528f62c0b808826f98dc6a7d6ad973e838d15bc00989746
                                                                                                                                                                                                                • Instruction ID: 708d7479c3f3db7d399ef758e77a6fc11ce218e61ee25a03f9371f284ae18455
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b527004afafa7046c528f62c0b808826f98dc6a7d6ad973e838d15bc00989746
                                                                                                                                                                                                                • Instruction Fuzzy Hash: B6718F795253019EC316EF25DC8289BBBF8FF85740F80452EF549A71A0DB30AA58CF52

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetSysColorBrush.USER32(0000000F), ref: 00272B8E
                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 00272B9D
                                                                                                                                                                                                                • LoadIconW.USER32(00000063), ref: 00272BB3
                                                                                                                                                                                                                • LoadIconW.USER32(000000A4), ref: 00272BC5
                                                                                                                                                                                                                • LoadIconW.USER32(000000A2), ref: 00272BD7
                                                                                                                                                                                                                • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00272BEF
                                                                                                                                                                                                                • RegisterClassExW.USER32(?), ref: 00272C40
                                                                                                                                                                                                                  • Part of subcall function 00272CD4: GetSysColorBrush.USER32(0000000F), ref: 00272D07
                                                                                                                                                                                                                  • Part of subcall function 00272CD4: RegisterClassExW.USER32(00000030), ref: 00272D31
                                                                                                                                                                                                                  • Part of subcall function 00272CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00272D42
                                                                                                                                                                                                                  • Part of subcall function 00272CD4: InitCommonControlsEx.COMCTL32(?), ref: 00272D5F
                                                                                                                                                                                                                  • Part of subcall function 00272CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00272D6F
                                                                                                                                                                                                                  • Part of subcall function 00272CD4: LoadIconW.USER32(000000A9), ref: 00272D85
                                                                                                                                                                                                                  • Part of subcall function 00272CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00272D94
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                                                                                                                • String ID: #$0$AutoIt v3
                                                                                                                                                                                                                • API String ID: 423443420-4155596026
                                                                                                                                                                                                                • Opcode ID: b0dde1a430f9b6642203d6f61a50220bd22ad0bc438d59424a1197808c38da9a
                                                                                                                                                                                                                • Instruction ID: 2f83bfbea4c4e63a6727f440ac9524d81e0aaabcaf9f1572735b55d0dadca9e8
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b0dde1a430f9b6642203d6f61a50220bd22ad0bc438d59424a1197808c38da9a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: D3217C7CE51314AFCB129FA6EC54A997FB8FB09B40F00001AF500AA6A0DBB12580CF84

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,0027316A,?,?), ref: 002731D8
                                                                                                                                                                                                                • KillTimer.USER32(?,00000001,?,?,?,?,?,0027316A,?,?), ref: 00273204
                                                                                                                                                                                                                • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00273227
                                                                                                                                                                                                                • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,0027316A,?,?), ref: 00273232
                                                                                                                                                                                                                • CreatePopupMenu.USER32 ref: 00273246
                                                                                                                                                                                                                • PostQuitMessage.USER32(00000000), ref: 00273267
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                                                                                                                • String ID: TaskbarCreated
                                                                                                                                                                                                                • API String ID: 129472671-2362178303

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                control_flow_graph 654 271410-271449 655 2b24b8-2b24b9 DestroyWindow 654->655 656 27144f-271465 mciSendStringW 654->656 661 2b24c4-2b24d1 655->661 657 2716c6-2716d3 656->657 658 27146b-271473 656->658 659 2716d5-2716f0 UnregisterHotKey 657->659 660 2716f8-2716ff 657->660 658->661 662 271479-271488 call 27182e 658->662 659->660 664 2716f2-2716f3 call 2710d0 659->664 660->658 665 271705 660->665 666 2b24d3-2b24d6 661->666 667 2b2500-2b2507 661->667 673 2b250e-2b251a 662->673 674 27148e-271496 662->674 664->660 665->657 671 2b24d8-2b24e0 call 276246 666->671 672 2b24e2-2b24e5 FindClose 666->672 667->661 670 2b2509 667->670 670->673 675 2b24eb-2b24f8 671->675 672->675 681 2b251c-2b251e FreeLibrary 673->681 682 2b2524-2b252b 673->682 678 2b2532-2b253f 674->678 679 27149c-2714c1 call 27cfa0 674->679 675->667 680 2b24fa-2b24fb call 2e32b1 675->680 686 2b2541-2b255e VirtualFree 678->686 687 2b2566-2b256d 678->687 692 2714c3 679->692 693 2714f8-271503 CoUninitialize 679->693 680->667 681->682 682->673 685 2b252d 682->685 685->678 686->687 690 2b2560-2b2561 call 2e3317 686->690 687->678 688 2b256f 687->688 694 2b2574-2b2578 688->694 690->687 695 2714c6-2714f6 call 271a05 call 2719ae 692->695 693->694 696 271509-27150e 693->696 694->696 697 2b257e-2b2584 694->697 695->693 699 2b2589-2b2596 call 2e32eb 696->699 700 271514-27151e 696->700 697->696 713 2b2598 699->713 703 271707-271714 call 28f80e 700->703 704 271524-27152f call 27988f 700->704 703->704 715 27171a 703->715 714 271535 call 271944 704->714 717 2b259d-2b25bf call 28fdcd 713->717 716 27153a-27155c call 2717d5 call 28fe14 call 27177c 714->716 715->703 728 271561-2715a5 call 27988f call 27cfa0 call 2717fe call 28fe14 716->728 722 2b25c1 717->722 725 2b25c6-2b25e8 call 28fdcd 722->725 731 2b25ea 725->731 728->717 
743 2715ab-2715cf call 28fe14 728->743 734 2b25ef-2b2611 call 28fdcd 731->734 741 2b2613 734->741 744 2b2618-2b2625 call 2d64d4 741->744 743->725 749 2715d5-2715f9 call 28fe14 743->749 750 2b2627 744->750 749->734 755 2715ff-271619 call 28fe14 749->755 752 2b262c-2b2639 call 28ac64 750->752 758 2b263b 752->758 755->744 760 27161f-271643 call 2717d5 call 28fe14 755->760 761 2b2640-2b264d call 2e3245 758->761 760->752 769 271649-271651 760->769 767 2b264f 761->767 771 2b2654-2b2661 call 2e32cc 767->771 769->761 770 271657-271675 call 27988f call 27190a 769->770 770->771 780 27167b-271689 770->780 777 2b2663 771->777 779 2b2668-2b2675 call 2e32cc 777->779 785 2b2677 779->785 780->779 782 27168f-2716c5 call 27988f * 3 call 271876 780->782 785->785
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00271459
                                                                                                                                                                                                                • CoUninitialize.COMBASE ref: 002714F8
                                                                                                                                                                                                                • UnregisterHotKey.USER32(?), ref: 002716DD
                                                                                                                                                                                                                • DestroyWindow.USER32(?), ref: 002B24B9
                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 002B251E
                                                                                                                                                                                                                • VirtualFree.KERNEL32(?,00000000,00008000), ref: 002B254B
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                                                                                                                • String ID: close all
                                                                                                                                                                                                                • API String ID: 469580280-3243417748

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                control_flow_graph 803 272c63-272cd3 CreateWindowExW * 2 ShowWindow * 2
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00272C91
                                                                                                                                                                                                                • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00272CB2
                                                                                                                                                                                                                • ShowWindow.USER32(00000000,?,?,?,?,?,?,00271CAD,?), ref: 00272CC6
                                                                                                                                                                                                                • ShowWindow.USER32(00000000,?,?,?,?,?,?,00271CAD,?), ref: 00272CCF
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$CreateShow
                                                                                                                                                                                                                • String ID: AutoIt v3$edit
                                                                                                                                                                                                                • API String ID: 1584632944-3779509399

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                control_flow_graph 1228 273b1c-273b27 1229 273b99-273b9b 1228->1229 1230 273b29-273b2e 1228->1230 1231 273b8c-273b8f 1229->1231 1230->1229 1232 273b30-273b48 RegOpenKeyExW 1230->1232 1232->1229 1233 273b4a-273b69 RegQueryValueExW 1232->1233 1234 273b80-273b8b RegCloseKey 1233->1234 1235 273b6b-273b76 1233->1235 1234->1231 1236 273b90-273b97 1235->1236 1237 273b78-273b7a 1235->1237 1238 273b7e 1236->1238 1237->1238 1238->1234
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00273B0F,SwapMouseButtons,00000004,?), ref: 00273B40
                                                                                                                                                                                                                • RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00273B0F,SwapMouseButtons,00000004,?), ref: 00273B61
                                                                                                                                                                                                                • RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00273B0F,SwapMouseButtons,00000004,?), ref: 00273B83
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                • String ID: Control Panel\Mouse
                                                                                                                                                                                                                • API String ID: 3677997916-824357125
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 002B33A2
                                                                                                                                                                                                                  • Part of subcall function 00276B57: _wcslen.LIBCMT ref: 00276B6A
                                                                                                                                                                                                                • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00273A04
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: IconLoadNotifyShell_String_wcslen
                                                                                                                                                                                                                • String ID: Line:
                                                                                                                                                                                                                • API String ID: 2289894680-1585850449
                                                                                                                                                                                                                • Opcode ID: 7a637e043987db7216d5088b1536203925e8064a1d8bab6c6135987561c3cc76
                                                                                                                                                                                                                • Instruction ID: d8cb6db5172a9582e16ab51c16b6ed9a1449ed70ccb138ae1d63b6a7958d1695
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7a637e043987db7216d5088b1536203925e8064a1d8bab6c6135987561c3cc76
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5D31D671429311AAC722EF20DC46BEFB7DCAB41710F00855AF59D97091DF70A6A8CBC2
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetOpenFileNameW.COMDLG32(?), ref: 002B2C8C
                                                                                                                                                                                                                  • Part of subcall function 00273AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00273A97,?,?,00272E7F,?,?,?,00000000), ref: 00273AC2
                                                                                                                                                                                                                  • Part of subcall function 00272DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00272DC4
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Name$Path$FileFullLongOpen
                                                                                                                                                                                                                • String ID: X$`e3
                                                                                                                                                                                                                • API String ID: 779396738-245137066
                                                                                                                                                                                                                • Opcode ID: f651824e2239a15c86cc10877b8bfdc366a1f4c6c7e9c88ec98f8108fdc87140
                                                                                                                                                                                                                • Instruction ID: 427120f5672c3427959451fb5879c1418b5e3c26c63c6faa785b6878b31d0aa4
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f651824e2239a15c86cc10877b8bfdc366a1f4c6c7e9c88ec98f8108fdc87140
                                                                                                                                                                                                                • Instruction Fuzzy Hash: BF21A571A20258AFDB12EF94C845BEE7BFCAF49304F00805AE409B7241DBB45A9DCF61
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00290668
                                                                                                                                                                                                                  • Part of subcall function 002932A4: RaiseException.KERNEL32(?,?,?,0029068A,?,00341444,?,?,?,?,?,?,0029068A,00271129,00338738,00271129), ref: 00293304
                                                                                                                                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00290685
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                                                                • String ID: Unknown exception
                                                                                                                                                                                                                • API String ID: 3476068407-410509341
                                                                                                                                                                                                                • Opcode ID: 55d989884ad5b01c7b048ff1b9a209a13fcd0275ba07fa10317ef50c1db7cfa7
                                                                                                                                                                                                                • Instruction ID: cf290438f9ee780b4fccc574b920b34d34388fb420bd3ca8521106a1630e37c4
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 55d989884ad5b01c7b048ff1b9a209a13fcd0275ba07fa10317ef50c1db7cfa7
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 03F0443492020DABCF04BA64D886C9E776C5E40350B604571F924D55D1EF71DA75CA80
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00271BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00271BF4
                                                                                                                                                                                                                  • Part of subcall function 00271BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00271BFC
                                                                                                                                                                                                                  • Part of subcall function 00271BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00271C07
                                                                                                                                                                                                                  • Part of subcall function 00271BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00271C12
                                                                                                                                                                                                                  • Part of subcall function 00271BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00271C1A
                                                                                                                                                                                                                  • Part of subcall function 00271BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00271C22
                                                                                                                                                                                                                  • Part of subcall function 00271B4A: RegisterWindowMessageW.USER32(00000004,?,002712C4), ref: 00271BA2
                                                                                                                                                                                                                • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0027136A
                                                                                                                                                                                                                • OleInitialize.OLE32 ref: 00271388
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,00000000), ref: 002B24AB
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1986988660-0
                                                                                                                                                                                                                • Opcode ID: 383259a3dff4c9cf263ba157c5d0750d0076cfe59992b01b53f374862e56e891
                                                                                                                                                                                                                • Instruction ID: 6f739537c792349d6677513760119fdf4b6fa2e4deee422d3d6a770605e2306e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 383259a3dff4c9cf263ba157c5d0750d0076cfe59992b01b53f374862e56e891
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7171A2BC921A048EC386DF79E8556953AF8FB8B354B5482AAD40ACF361EF3064D1CF44
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00273923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00273A04
                                                                                                                                                                                                                • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 002DC259
                                                                                                                                                                                                                • KillTimer.USER32(?,00000001,?,?), ref: 002DC261
                                                                                                                                                                                                                • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 002DC270
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: IconNotifyShell_Timer$Kill
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3500052701-0
                                                                                                                                                                                                                • Opcode ID: 070ae21b3d2e86fdcc3e9745ec9ce1bd680ed8fed179abd3b53e080328589c05
                                                                                                                                                                                                                • Instruction ID: 1b33e3b5903099f7c7b49ca3da0c26fa79a395a11362aec4a33f60870c73981d
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 070ae21b3d2e86fdcc3e9745ec9ce1bd680ed8fed179abd3b53e080328589c05
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2B31C370924345AFEB328F648899BE7BBECAB06304F10049FE6DE97241C7746E84CB51
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CloseHandle.KERNELBASE(00000000,00000000,?,?,002A85CC,?,00338CC8,0000000C), ref: 002A8704
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,002A85CC,?,00338CC8,0000000C), ref: 002A870E
                                                                                                                                                                                                                • __dosmaperr.LIBCMT ref: 002A8739
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseErrorHandleLast__dosmaperr
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2583163307-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • TranslateMessage.USER32(?), ref: 0027DB7B
                                                                                                                                                                                                                • DispatchMessageW.USER32(?), ref: 0027DB89
                                                                                                                                                                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0027DB9F
                                                                                                                                                                                                                • Sleep.KERNELBASE(0000000A), ref: 0027DBB1
                                                                                                                                                                                                                • TranslateAcceleratorW.USER32(?,?,?), ref: 002C1CC9
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Message$Translate$AcceleratorDispatchPeekSleep
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3288985973-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 002817F6
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Init_thread_footer
                                                                                                                                                                                                                • String ID: CALL
                                                                                                                                                                                                                • API String ID: 1385522511-4196123274
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00273908
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: IconNotifyShell_
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1144537725-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • timeGetTime.WINMM ref: 0028F661
                                                                                                                                                                                                                  • Part of subcall function 0027D730: GetInputState.USER32 ref: 0027D807
                                                                                                                                                                                                                • Sleep.KERNEL32(00000000), ref: 002CF2DE
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: InputSleepStateTimetime
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4149333218-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00274E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00274EDD,?,00341418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00274E9C
                                                                                                                                                                                                                  • Part of subcall function 00274E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00274EAE
                                                                                                                                                                                                                  • Part of subcall function 00274E90: FreeLibrary.KERNEL32(00000000,?,?,00274EDD,?,00341418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00274EC0
                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00341418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00274EFD
                                                                                                                                                                                                                  • Part of subcall function 00274E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,002B3CDE,?,00341418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00274E62
                                                                                                                                                                                                                  • Part of subcall function 00274E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00274E74
                                                                                                                                                                                                                  • Part of subcall function 00274E59: FreeLibrary.KERNEL32(00000000,?,?,002B3CDE,?,00341418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00274E87
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Library$Load$AddressFreeProc
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2632591731-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: __wsopen_s
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3347428461-0
                                                                                                                                                                                                                • Opcode ID: 345e9c3f204bbb03625a8e0b3f3f9eeab8b80dc49b8474fb2e9d795fa8304fa4
                                                                                                                                                                                                                • Instruction ID: a443b5d50b3d8d2dae1a6be41a22591add8e5bb92113595cdb7cb807041fc186
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 345e9c3f204bbb03625a8e0b3f3f9eeab8b80dc49b8474fb2e9d795fa8304fa4
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0511187590420AAFCB05DF58E94199A7BF9EF49314F104059F808AB312DA31EA21CBA5
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                                                                                                                                                • Instruction ID: 7c8f2625a0d58cf64353f3973f681448985b3895c5c79b3aee17ff3a3fc7c597
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                                                                                                                                                • Instruction Fuzzy Hash: AAF0F432930E10EBDE317E698C05B5A339C9FA3330F110715F920962D2DFB0D8258EA6
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,?,00341444,?,0028FDF5,?,?,0027A976,00000010,00341440,002713FC,?,002713C6,?,00271129), ref: 002A3852
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                                                • Opcode ID: 238ed8c3f9483a8dcf53848831d4303b5376cd760387f91de69cda92b528a82d
                                                                                                                                                                                                                • Instruction ID: 76faf7ab89dcf6e80204a875f7d88d44810caf7f01e78c0e0574b907239862be
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 238ed8c3f9483a8dcf53848831d4303b5376cd760387f91de69cda92b528a82d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: C1E0E5325322265FDA216F669C04F9B3649AF437B0F050122BC4496490DF58DD2186E0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?,00341418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00274F6D
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FreeLibrary
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3664257935-0
                                                                                                                                                                                                                • Opcode ID: 9996a11d9d5c23eb6a3c23ed1ba8dacd9ae0ca5175e39c692f7ef9662e1e0a97
                                                                                                                                                                                                                • Instruction ID: dad5a2b97d02dce8c0628428fcc32763cc7a1467b851e59688ad9589a915a8f9
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9996a11d9d5c23eb6a3c23ed1ba8dacd9ae0ca5175e39c692f7ef9662e1e0a97
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8FF01C71125752CFDB34AF64D490812F7E4AF15319320C96EE1EE82911C7719854DF11
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • IsWindow.USER32(00000000), ref: 00302A66
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2353593579-0
                                                                                                                                                                                                                • Opcode ID: de83ba7972e616ae1d867d3f064c25c973adde95fda558fe558e7d1900d92550
                                                                                                                                                                                                                • Instruction ID: 1ad97178d20a8e5bf51902119e49a9b72e9baa81a9088be7ea0537b661ba9cc9
                                                                                                                                                                                                                • Opcode Fuzzy Hash: de83ba7972e616ae1d867d3f064c25c973adde95fda558fe558e7d1900d92550
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5AE04F36361116AAC725EB31DCA48FA735CEB50395B104537BC1BC2240DF30DDA58BA0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • Shell_NotifyIconW.SHELL32(00000002,?), ref: 0027314E
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: IconNotifyShell_
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1144537725-0
                                                                                                                                                                                                                • Opcode ID: 4dd44f1c211b475eab8d1be1d091a896829cf74d425a755d82e0034355ca7360
                                                                                                                                                                                                                • Instruction ID: b9ab5b63e8558db8741ae7d5e6dc67d76ec9cb7e94eca0d987d15d658db2fd16
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4dd44f1c211b475eab8d1be1d091a896829cf74d425a755d82e0034355ca7360
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2DF037749243149FEB63DF24DC457D57BFCA701708F0001E5A54896191DB7457C8CF51
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00272DC4
                                                                                                                                                                                                                  • Part of subcall function 00276B57: _wcslen.LIBCMT ref: 00276B6A
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: LongNamePath_wcslen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 541455249-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00273837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00273908
                                                                                                                                                                                                                  • Part of subcall function 0027D730: GetInputState.USER32 ref: 0027D807
                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00272B6B
                                                                                                                                                                                                                  • Part of subcall function 002730F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 0027314E
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3667716007-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateFileW.KERNELBASE(00000000,00000000,?,002B0704,?,?,00000000,?,002B0704,00000000,0000000C), ref: 002B03B7
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00271CBC
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: InfoParametersSystem
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3098949447-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00289BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00289BB2
                                                                                                                                                                                                                • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0030961A
                                                                                                                                                                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0030965B
                                                                                                                                                                                                                • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0030969F
                                                                                                                                                                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 003096C9
                                                                                                                                                                                                                • SendMessageW.USER32 ref: 003096F2
                                                                                                                                                                                                                • GetKeyState.USER32(00000011), ref: 0030978B
                                                                                                                                                                                                                • GetKeyState.USER32(00000009), ref: 00309798
                                                                                                                                                                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 003097AE
                                                                                                                                                                                                                • GetKeyState.USER32(00000010), ref: 003097B8
                                                                                                                                                                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 003097E9
                                                                                                                                                                                                                • SendMessageW.USER32 ref: 00309810
                                                                                                                                                                                                                • SendMessageW.USER32(?,00001030,?,00307E95), ref: 00309918
                                                                                                                                                                                                                • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0030992E
                                                                                                                                                                                                                • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00309941
                                                                                                                                                                                                                • SetCapture.USER32(?), ref: 0030994A
                                                                                                                                                                                                                • ClientToScreen.USER32(?,?), ref: 003099AF
                                                                                                                                                                                                                • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 003099BC
                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 003099D6
                                                                                                                                                                                                                • ReleaseCapture.USER32 ref: 003099E1
                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 00309A19
                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00309A26
                                                                                                                                                                                                                • SendMessageW.USER32(?,00001012,00000000,?), ref: 00309A80
                                                                                                                                                                                                                • SendMessageW.USER32 ref: 00309AAE
                                                                                                                                                                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 00309AEB
                                                                                                                                                                                                                • SendMessageW.USER32 ref: 00309B1A
                                                                                                                                                                                                                • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00309B3B
                                                                                                                                                                                                                • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00309B4A
                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 00309B68
                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00309B75
                                                                                                                                                                                                                • GetParent.USER32(?), ref: 00309B93
                                                                                                                                                                                                                • SendMessageW.USER32(?,00001012,00000000,?), ref: 00309BFA
                                                                                                                                                                                                                • SendMessageW.USER32 ref: 00309C2B
                                                                                                                                                                                                                • ClientToScreen.USER32(?,?), ref: 00309C84
                                                                                                                                                                                                                • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00309CB4
                                                                                                                                                                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 00309CDE
                                                                                                                                                                                                                • SendMessageW.USER32 ref: 00309D01
                                                                                                                                                                                                                • ClientToScreen.USER32(?,?), ref: 00309D4E
                                                                                                                                                                                                                • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00309D82
                                                                                                                                                                                                                  • Part of subcall function 00289944: GetWindowLongW.USER32(?,000000EB), ref: 00289952
                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00309E05
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                                                                                                                                                                • String ID: @GUI_DRAGID$F$p#4
                                                                                                                                                                                                                • API String ID: 3429851547-3401412920
                                                                                                                                                                                                                • Opcode ID: 63448f05eaf11f4cbc8d4f970179ecf3faed49e906971b90a6409154ec037caa
                                                                                                                                                                                                                • Instruction ID: 7cc1bad60f64144a353326cb1c3b3355b295da0f731c1059375693fe5a9f38d0
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 63448f05eaf11f4cbc8d4f970179ecf3faed49e906971b90a6409154ec037caa
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E142A33550A204AFD722CF28CC64BAABBE9FF49320F15461AF695872E2D731E850CF51
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 003048F3
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00304908
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00304927
                                                                                                                                                                                                                • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 0030494B
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 0030495C
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 0030497B
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 003049AE
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 003049D4
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00304A0F
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00304A56
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00304A7E
                                                                                                                                                                                                                • IsMenu.USER32(?), ref: 00304A97
                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00304AF2
                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00304B20
                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00304B94
                                                                                                                                                                                                                • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00304BE3
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00304C82
                                                                                                                                                                                                                • wsprintfW.USER32 ref: 00304CAE
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00304CC9
                                                                                                                                                                                                                • GetWindowTextW.USER32(?,00000000,00000001), ref: 00304CF1
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00304D13
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00304D33
                                                                                                                                                                                                                • GetWindowTextW.USER32(?,00000000,00000001), ref: 00304D5A
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                                                                                                                                                                • String ID: %d/%02d/%02d
                                                                                                                                                                                                                • API String ID: 4054740463-328681919
                                                                                                                                                                                                                • Opcode ID: d65ff506b549a1937e264ae008d629f823967112d216d8d8274ccfcbbfe4a518
                                                                                                                                                                                                                • Instruction ID: 490753dbe707b9ffb1f56bea8404b952a8edd9560bd82d21f2c70b0054483638
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d65ff506b549a1937e264ae008d629f823967112d216d8d8274ccfcbbfe4a518
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A71212B1602208ABEB269F24CD59FAF7BF8EF45310F144229F615DB1E1DB749A41CB50
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 0028F998
                                                                                                                                                                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 002CF474
                                                                                                                                                                                                                • IsIconic.USER32(00000000), ref: 002CF47D
                                                                                                                                                                                                                • ShowWindow.USER32(00000000,00000009), ref: 002CF48A
                                                                                                                                                                                                                • SetForegroundWindow.USER32(00000000), ref: 002CF494
                                                                                                                                                                                                                • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 002CF4AA
                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 002CF4B1
                                                                                                                                                                                                                • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 002CF4BD
                                                                                                                                                                                                                • AttachThreadInput.USER32(?,00000000,00000001), ref: 002CF4CE
                                                                                                                                                                                                                • AttachThreadInput.USER32(?,00000000,00000001), ref: 002CF4D6
                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 002CF4DE
                                                                                                                                                                                                                • SetForegroundWindow.USER32(00000000), ref: 002CF4E1
                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 002CF4F6
                                                                                                                                                                                                                • keybd_event.USER32(00000012,00000000), ref: 002CF501
                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 002CF50B
                                                                                                                                                                                                                • keybd_event.USER32(00000012,00000000), ref: 002CF510
                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 002CF519
                                                                                                                                                                                                                • keybd_event.USER32(00000012,00000000), ref: 002CF51E
                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 002CF528
                                                                                                                                                                                                                • keybd_event.USER32(00000012,00000000), ref: 002CF52D
                                                                                                                                                                                                                • SetForegroundWindow.USER32(00000000), ref: 002CF530
                                                                                                                                                                                                                • AttachThreadInput.USER32(?,000000FF,00000000), ref: 002CF557
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                                                                                                                • String ID: Shell_TrayWnd
                                                                                                                                                                                                                • API String ID: 4125248594-2988720461
                                                                                                                                                                                                                • Opcode ID: 759ac2abb461a196d03ba5a029ed8497dc71d4c13b3d69fd6818886536d6a115
                                                                                                                                                                                                                • Instruction ID: 917aa578deb2b31d431b5eec13efac56b84d58bb83fdb68322f19d2c212f9b02
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 759ac2abb461a196d03ba5a029ed8497dc71d4c13b3d69fd6818886536d6a115
                                                                                                                                                                                                                • Instruction Fuzzy Hash: AD318171A61218BFEB216FB54C4AFBF7E6DEB44B50F10112AFB00E61D1C6B15D10AAA0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 002D16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 002D170D
                                                                                                                                                                                                                  • Part of subcall function 002D16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 002D173A
                                                                                                                                                                                                                  • Part of subcall function 002D16C3: GetLastError.KERNEL32 ref: 002D174A
                                                                                                                                                                                                                • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 002D1286
                                                                                                                                                                                                                • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 002D12A8
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 002D12B9
                                                                                                                                                                                                                • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 002D12D1
                                                                                                                                                                                                                • GetProcessWindowStation.USER32 ref: 002D12EA
                                                                                                                                                                                                                • SetProcessWindowStation.USER32(00000000), ref: 002D12F4
                                                                                                                                                                                                                • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 002D1310
                                                                                                                                                                                                                  • Part of subcall function 002D10BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,002D11FC), ref: 002D10D4
                                                                                                                                                                                                                  • Part of subcall function 002D10BF: CloseHandle.KERNEL32(?,?,002D11FC), ref: 002D10E9
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                                                                                                                                                                • String ID: $default$winsta0$Z3
                                                                                                                                                                                                                • API String ID: 22674027-1276802698
                                                                                                                                                                                                                • Opcode ID: 24489888680701cb264a4016689981cde9287d83345e7afc153040eb741abfc2
                                                                                                                                                                                                                • Instruction ID: dce6104b0392c6d9f15adfa7299d86a1f80dd49678b951f84ca233d21a1a6899
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 24489888680701cb264a4016689981cde9287d83345e7afc153040eb741abfc2
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 58818D71921249BFDF219FA4DC49FEE7BB9EF04704F14422AF910A62A0D7718D65CB60
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 002D10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 002D1114
                                                                                                                                                                                                                  • Part of subcall function 002D10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,002D0B9B,?,?,?), ref: 002D1120
                                                                                                                                                                                                                  • Part of subcall function 002D10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,002D0B9B,?,?,?), ref: 002D112F
                                                                                                                                                                                                                  • Part of subcall function 002D10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,002D0B9B,?,?,?), ref: 002D1136
                                                                                                                                                                                                                  • Part of subcall function 002D10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 002D114D
                                                                                                                                                                                                                • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 002D0BCC
                                                                                                                                                                                                                • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 002D0C00
                                                                                                                                                                                                                • GetLengthSid.ADVAPI32(?), ref: 002D0C17
                                                                                                                                                                                                                • GetAce.ADVAPI32(?,00000000,?), ref: 002D0C51
                                                                                                                                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 002D0C6D
                                                                                                                                                                                                                • GetLengthSid.ADVAPI32(?), ref: 002D0C84
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000008), ref: 002D0C8C
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 002D0C93
                                                                                                                                                                                                                • GetLengthSid.ADVAPI32(?,00000008,?), ref: 002D0CB4
                                                                                                                                                                                                                • CopySid.ADVAPI32(00000000), ref: 002D0CBB
                                                                                                                                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 002D0CEA
                                                                                                                                                                                                                • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 002D0D0C
                                                                                                                                                                                                                • SetUserObjectSecurity.USER32(?,00000004,?), ref: 002D0D1E
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 002D0D45
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 002D0D4C
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 002D0D55
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 002D0D5C
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 002D0D65
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 002D0D6C
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 002D0D78
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 002D0D7F
                                                                                                                                                                                                                  • Part of subcall function 002D1193: GetProcessHeap.KERNEL32(00000008,002D0BB1,?,00000000,?,002D0BB1,?), ref: 002D11A1
                                                                                                                                                                                                                  • Part of subcall function 002D1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,002D0BB1,?), ref: 002D11A8
                                                                                                                                                                                                                  • Part of subcall function 002D1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,002D0BB1,?), ref: 002D11B7
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4175595110-0
                                                                                                                                                                                                                • Opcode ID: 073b4c11135e85f1e2a428386d448ffeb5d099c1dd9f1dd1bbd82a32f1140e3e
                                                                                                                                                                                                                • Instruction ID: 77d6e6e546a0733bf70413da3e26c0d6295c6b3813ad04fb231a9ca7d4ef9953
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 073b4c11135e85f1e2a428386d448ffeb5d099c1dd9f1dd1bbd82a32f1140e3e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9871497292120AABDF119FA4DC88BAEBBBDEF05300F144617E914A72A1D771ED15CB60
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • OpenClipboard.USER32(0030CC08), ref: 002EEB29
                                                                                                                                                                                                                • IsClipboardFormatAvailable.USER32(0000000D), ref: 002EEB37
                                                                                                                                                                                                                • GetClipboardData.USER32(0000000D), ref: 002EEB43
                                                                                                                                                                                                                • CloseClipboard.USER32 ref: 002EEB4F
                                                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 002EEB87
                                                                                                                                                                                                                • CloseClipboard.USER32 ref: 002EEB91
                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 002EEBBC
                                                                                                                                                                                                                • IsClipboardFormatAvailable.USER32(00000001), ref: 002EEBC9
                                                                                                                                                                                                                • GetClipboardData.USER32(00000001), ref: 002EEBD1
                                                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 002EEBE2
                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 002EEC22
                                                                                                                                                                                                                • IsClipboardFormatAvailable.USER32(0000000F), ref: 002EEC38
                                                                                                                                                                                                                • GetClipboardData.USER32(0000000F), ref: 002EEC44
                                                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 002EEC55
                                                                                                                                                                                                                • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 002EEC77
                                                                                                                                                                                                                • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 002EEC94
                                                                                                                                                                                                                • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 002EECD2
                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 002EECF3
                                                                                                                                                                                                                • CountClipboardFormats.USER32 ref: 002EED14
                                                                                                                                                                                                                • CloseClipboard.USER32 ref: 002EED59
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 420908878-0
                                                                                                                                                                                                                • Opcode ID: 67e989902fd645a2053b2554dd9ff3b103a4fd51f410f38bc6419b07eac18f61
                                                                                                                                                                                                                • Instruction ID: f017cd3d8a6e2d60a48f0adf4d77f3ec604523b6933b9e16917506ff5a4b487a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 67e989902fd645a2053b2554dd9ff3b103a4fd51f410f38bc6419b07eac18f61
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 126132302643429FCB11EF21CCA5F2A77A8BF84704F49561EF446972A2CB71DD15CB62
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 002E69BE
                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 002E6A12
                                                                                                                                                                                                                • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 002E6A4E
                                                                                                                                                                                                                • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 002E6A75
                                                                                                                                                                                                                  • Part of subcall function 00279CB3: _wcslen.LIBCMT ref: 00279CBD
                                                                                                                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 002E6AB2
                                                                                                                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 002E6ADF
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                                                                                                                                                                • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                                                                                                                                • API String ID: 3830820486-3289030164
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 002E9663
                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(?), ref: 002E96A1
                                                                                                                                                                                                                • SetFileAttributesW.KERNEL32(?,?), ref: 002E96BB
                                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 002E96D3
                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 002E96DE
                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(*.*,?), ref: 002E96FA
                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 002E974A
                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(00336B7C), ref: 002E9768
                                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 002E9772
                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 002E977F
                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 002E978F
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                                                                                • String ID: *.*
                                                                                                                                                                                                                • API String ID: 1409584000-438819550
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 002E97BE
                                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 002E9819
                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 002E9824
                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(*.*,?), ref: 002E9840
                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 002E9890
                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(00336B7C), ref: 002E98AE
                                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 002E98B8
                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 002E98C5
                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 002E98D5
                                                                                                                                                                                                                  • Part of subcall function 002DDAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 002DDB00
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                                                                                                • String ID: *.*
                                                                                                                                                                                                                • API String ID: 2640511053-438819550
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 002FC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,002FB6AE,?,?), ref: 002FC9B5
                                                                                                                                                                                                                  • Part of subcall function 002FC998: _wcslen.LIBCMT ref: 002FC9F1
                                                                                                                                                                                                                  • Part of subcall function 002FC998: _wcslen.LIBCMT ref: 002FCA68
                                                                                                                                                                                                                  • Part of subcall function 002FC998: _wcslen.LIBCMT ref: 002FCA9E
                                                                                                                                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 002FBF3E
                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 002FBFA9
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 002FBFCD
                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 002FC02C
                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 002FC0E7
                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 002FC154
                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 002FC1E9
                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 002FC23A
                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 002FC2E3
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,00000000), ref: 002FC382
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 002FC38F
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3102970594-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetLocalTime.KERNEL32(?), ref: 002E8257
                                                                                                                                                                                                                • SystemTimeToFileTime.KERNEL32(?,?), ref: 002E8267
                                                                                                                                                                                                                • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 002E8273
                                                                                                                                                                                                                • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 002E8310
                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 002E8324
                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 002E8356
                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 002E838C
                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 002E8395
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CurrentDirectoryTime$File$Local$System
                                                                                                                                                                                                                • String ID: *.*
                                                                                                                                                                                                                • API String ID: 1464919966-438819550
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00273AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00273A97,?,?,00272E7F,?,?,?,00000000), ref: 00273AC2
                                                                                                                                                                                                                  • Part of subcall function 002DE199: GetFileAttributesW.KERNEL32(?,002DCF95), ref: 002DE19A
                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 002DD122
                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 002DD1DD
                                                                                                                                                                                                                • MoveFileW.KERNEL32(?,?), ref: 002DD1F0
                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?,?,?,?), ref: 002DD20D
                                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 002DD237
                                                                                                                                                                                                                  • Part of subcall function 002DD29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,002DD21C,?,?), ref: 002DD2B2
                                                                                                                                                                                                                • FindClose.KERNEL32(00000000,?,?,?), ref: 002DD253
                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 002DD264
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                                                                                                                                                                • String ID: \*.*
                                                                                                                                                                                                                • API String ID: 1946585618-1173974218
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1737998785-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 002D16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 002D170D
                                                                                                                                                                                                                  • Part of subcall function 002D16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 002D173A
                                                                                                                                                                                                                  • Part of subcall function 002D16C3: GetLastError.KERNEL32 ref: 002D174A
                                                                                                                                                                                                                • ExitWindowsEx.USER32(?,00000000), ref: 002DE932
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                                                                                                                • String ID: $ $@$SeShutdownPrivilege
                                                                                                                                                                                                                • API String ID: 2234035333-3163812486
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 002F1276
                                                                                                                                                                                                                • WSAGetLastError.WSOCK32 ref: 002F1283
                                                                                                                                                                                                                • bind.WSOCK32(00000000,?,00000010), ref: 002F12BA
                                                                                                                                                                                                                • WSAGetLastError.WSOCK32 ref: 002F12C5
                                                                                                                                                                                                                • closesocket.WSOCK32(00000000), ref: 002F12F4
                                                                                                                                                                                                                • listen.WSOCK32(00000000,00000005), ref: 002F1303
                                                                                                                                                                                                                • WSAGetLastError.WSOCK32 ref: 002F130D
                                                                                                                                                                                                                • closesocket.WSOCK32(00000000), ref: 002F133C
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$closesocket$bindlistensocket
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 540024437-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00273AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00273A97,?,?,00272E7F,?,?,?,00000000), ref: 00273AC2
                                                                                                                                                                                                                  • Part of subcall function 002DE199: GetFileAttributesW.KERNEL32(?,002DCF95), ref: 002DE19A
                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 002DD420
                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?,?,?,?), ref: 002DD470
                                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 002DD481
                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 002DD498
                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 002DD4A1
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                                                                                                                                • String ID: \*.*
                                                                                                                                                                                                                • API String ID: 2649000838-1173974218
                                                                                                                                                                                                                • Opcode ID: a51c9cd0e8316cdd4fa386558b26ab971bf08b7580242ef1e2f4d25348f5321b
                                                                                                                                                                                                                • Instruction ID: 865444f89fa6d285ea510f4838b472337f487c7cad60baca104dfc805a198c7f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a51c9cd0e8316cdd4fa386558b26ab971bf08b7580242ef1e2f4d25348f5321b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 523170310293459BC701EF64D8928AFB7ACAE91314F449E1EF4D552291EB30AE29DB63
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: __floor_pentium4
                                                                                                                                                                                                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                • Opcode ID: bfb2e03526a260d29782a3518416c73c7fb5842c7faf0e4640e3d454e246565d
                                                                                                                                                                                                                • Instruction ID: 779b2c276dcf0b882f0f1f66fd248f8af1e79ee2944329fd7211cc4807c2db0c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: bfb2e03526a260d29782a3518416c73c7fb5842c7faf0e4640e3d454e246565d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 52C26C71E246298FDF65CE68CD407EAB7B5EB4A304F1541EAD40DE7240EB78AE918F40
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002E64DC
                                                                                                                                                                                                                • CoInitialize.OLE32(00000000), ref: 002E6639
                                                                                                                                                                                                                • CoCreateInstance.OLE32(0030FCF8,00000000,00000001,0030FB68,?), ref: 002E6650
                                                                                                                                                                                                                • CoUninitialize.OLE32 ref: 002E68D4
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                                                                                                                                • String ID: .lnk
                                                                                                                                                                                                                • API String ID: 886957087-24824748
                                                                                                                                                                                                                • Opcode ID: 158bc2a53b70e2d1ee019ea834c4d8d778f9cb902a289ffb84356f2c1785a75d
                                                                                                                                                                                                                • Instruction ID: 5a3a9e7c3d2db4db731a25a927c23eb19f028dd27e0051bc382181b0c412c817
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 158bc2a53b70e2d1ee019ea834c4d8d778f9cb902a289ffb84356f2c1785a75d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: ABD16A716283419FC304DF24C885D6BB7E8FF99304F50896DF5998B2A1EB30E959CB92
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetForegroundWindow.USER32(?,?,00000000), ref: 002F22E8
                                                                                                                                                                                                                  • Part of subcall function 002EE4EC: GetWindowRect.USER32(?,?), ref: 002EE504
                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 002F2312
                                                                                                                                                                                                                • GetWindowRect.USER32(00000000), ref: 002F2319
                                                                                                                                                                                                                • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 002F2355
                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 002F2381
                                                                                                                                                                                                                • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 002F23DF
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2387181109-0
                                                                                                                                                                                                                • Opcode ID: f160b2b3dc8d5c148fad3cacca8d8cb56579dc897033c37210099d1640fc590e
                                                                                                                                                                                                                • Instruction ID: 12717737b291bce3c43e7d4cc57457315542ef7a2cb256c844fd6f0bc2d2140f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f160b2b3dc8d5c148fad3cacca8d8cb56579dc897033c37210099d1640fc590e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: EE31F2B21153099FDB20DF14CC45FABBBA9FF85354F000A2AF58497181D734E918CB91
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00279CB3: _wcslen.LIBCMT ref: 00279CBD
                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 002E9B78
                                                                                                                                                                                                                • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 002E9C8B
                                                                                                                                                                                                                  • Part of subcall function 002E3874: GetInputState.USER32 ref: 002E38CB
                                                                                                                                                                                                                  • Part of subcall function 002E3874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 002E3966
                                                                                                                                                                                                                • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 002E9BA8
                                                                                                                                                                                                                • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 002E9C75
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                                                                                                                                                                • String ID: *.*
                                                                                                                                                                                                                • API String ID: 1972594611-438819550
                                                                                                                                                                                                                • Opcode ID: 2674b4dee1ccb1e79cfbb361faf8d6adc2f6a98a28ecc52d667ea6140ee80e3b
                                                                                                                                                                                                                • Instruction ID: 3a29bd8d492c1fd92c3166b19f02c229f2c6ea813dc09b4bc1dfe74b81ab365e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2674b4dee1ccb1e79cfbb361faf8d6adc2f6a98a28ecc52d667ea6140ee80e3b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9741B57196124A9FCF15EF65C855AEE7BB8EF09300F605157E405A2191D7309ED4CF60
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00289BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00289BB2
                                                                                                                                                                                                                • DefDlgProcW.USER32(?,?,?,?,?), ref: 00289A4E
                                                                                                                                                                                                                • GetSysColor.USER32(0000000F), ref: 00289B23
                                                                                                                                                                                                                • SetBkColor.GDI32(?,00000000), ref: 00289B36
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Color$LongProcWindow
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3131106179-0
                                                                                                                                                                                                                • Opcode ID: 4b8b0ceb9b786e83a88d012c4a846f0c7cbf867bc6be8b54ded923a3f8d6406b
                                                                                                                                                                                                                • Instruction ID: 121db6c505e4d6cf0fcf2787b5953735ebb7a45d28c86466b43ebb6d725874ab
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4b8b0ceb9b786e83a88d012c4a846f0c7cbf867bc6be8b54ded923a3f8d6406b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: D0A11A7813A445AEE729BE2C8C58F7B269DEB42340F18430DF502DA9D1CE65ADB1CB71
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 002F304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 002F307A
                                                                                                                                                                                                                  • Part of subcall function 002F304E: _wcslen.LIBCMT ref: 002F309B
                                                                                                                                                                                                                • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 002F185D
                                                                                                                                                                                                                • WSAGetLastError.WSOCK32 ref: 002F1884
                                                                                                                                                                                                                • bind.WSOCK32(00000000,?,00000010), ref: 002F18DB
                                                                                                                                                                                                                • WSAGetLastError.WSOCK32 ref: 002F18E6
                                                                                                                                                                                                                • closesocket.WSOCK32(00000000), ref: 002F1915
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1601658205-0
                                                                                                                                                                                                                • Opcode ID: 7bb1ac8efdc5b64ef762fa4eb85ee5a6f2fbca9fb9bd474b85cf7d04ac723080
                                                                                                                                                                                                                • Instruction ID: 6089565393da89707d916094e0d6928d35965547925e7f1099c2171e11d7060a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7bb1ac8efdc5b64ef762fa4eb85ee5a6f2fbca9fb9bd474b85cf7d04ac723080
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4851C475A10200AFE710AF24C886F3AB7E5AB44758F54C05CFA0A5F3D3D771AD518BA1
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 292994002-0
                                                                                                                                                                                                                • Opcode ID: 1ac357c80652cb0056684fa2675824c053e6e63b162c1656ad0e2d14ea1fbe19
                                                                                                                                                                                                                • Instruction ID: 9f281e84fc14464801b854f6c0a440a27189ee089b1f7b7cb5fd1509c300cfa2
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1ac357c80652cb0056684fa2675824c053e6e63b162c1656ad0e2d14ea1fbe19
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5921A6317422115FE722CF2AC8A4B6A7BE9FF85314F19806DE8468B391CB71DC42CB94
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                                                                                                                                                                • API String ID: 0-1546025612
                                                                                                                                                                                                                • Opcode ID: aaf5bdbc8898d3dd0d540e15886a911f3df498d179158b34f0fef27ddc596090
                                                                                                                                                                                                                • Instruction ID: 33d1dd43779dd72be12fb8ad685256fc856c28783027bed775123d1a843f45cc
                                                                                                                                                                                                                • Opcode Fuzzy Hash: aaf5bdbc8898d3dd0d540e15886a911f3df498d179158b34f0fef27ddc596090
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 51A2B471E6062ACBDF24CF58C8487EDB7B1BF44350F2481AAD819AB285DB749DA1CF50
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • lstrlenW.KERNEL32(?,?,?,00000000), ref: 002D82AA
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: lstrlen
                                                                                                                                                                                                                • String ID: ($tb3$|
                                                                                                                                                                                                                • API String ID: 1659193697-3993506138
                                                                                                                                                                                                                • Opcode ID: 9bf99766546369f8fbc24aa78c0b5e6c964382b7c9d75896d6d990105253941e
                                                                                                                                                                                                                • Instruction ID: 9030fd0bd7ef55d4d357967899ddc3949d2cd270ee10d3289fe7f5f4269ec1b7
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9bf99766546369f8fbc24aa78c0b5e6c964382b7c9d75896d6d990105253941e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 93323674A107069FCB28CF19C481A6AB7F0FF48710B15C5AEE49ADB3A1EB70E951CB40
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 002DAAAC
                                                                                                                                                                                                                • SetKeyboardState.USER32(00000080), ref: 002DAAC8
                                                                                                                                                                                                                • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 002DAB36
                                                                                                                                                                                                                • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 002DAB88
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 432972143-0
                                                                                                                                                                                                                • Opcode ID: 6365f0af8a02470b591c7dbf33a2f0cd2361e908019c02a90226e2fc3d5b8b07
                                                                                                                                                                                                                • Instruction ID: cb3258364cd2287c463d49547fb8a81e3e6aa6d5ae10be9ae964e1c861a7810e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6365f0af8a02470b591c7dbf33a2f0cd2361e908019c02a90226e2fc3d5b8b07
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0B310730A60249AEEB358F648C05FFA7BAAAB65314F14431BF581562D0D3758DA2C762
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _free.LIBCMT ref: 002ABB7F
                                                                                                                                                                                                                  • Part of subcall function 002A29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,002AD7D1,00000000,00000000,00000000,00000000,?,002AD7F8,00000000,00000007,00000000,?,002ADBF5,00000000), ref: 002A29DE
                                                                                                                                                                                                                  • Part of subcall function 002A29C8: GetLastError.KERNEL32(00000000,?,002AD7D1,00000000,00000000,00000000,00000000,?,002AD7F8,00000000,00000007,00000000,?,002ADBF5,00000000,00000000), ref: 002A29F0
                                                                                                                                                                                                                • GetTimeZoneInformation.KERNEL32 ref: 002ABB91
                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,?,0034121C,000000FF,?,0000003F,?,?), ref: 002ABC09
                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,?,00341270,000000FF,?,0000003F,?,?,?,0034121C,000000FF,?,0000003F,?,?), ref: 002ABC36
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 806657224-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • InternetReadFile.WININET(?,?,00000400,?), ref: 002ECE89
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000), ref: 002ECEEA
                                                                                                                                                                                                                • SetEvent.KERNEL32(?,?,00000000), ref: 002ECEFE
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorEventFileInternetLastRead
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 234945975-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 002E5CC1
                                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 002E5D17
                                                                                                                                                                                                                • FindClose.KERNEL32(?), ref: 002E5D5F
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Find$File$CloseFirstNext
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3541575487-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • IsDebuggerPresent.KERNEL32 ref: 002A271A
                                                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 002A2724
                                                                                                                                                                                                                • UnhandledExceptionFilter.KERNEL32(?), ref: 002A2731
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3906539128-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 002E51DA
                                                                                                                                                                                                                • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 002E5238
                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000000), ref: 002E52A1
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorMode$DiskFreeSpace
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1682464887-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 0028FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00290668
                                                                                                                                                                                                                  • Part of subcall function 0028FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00290685
                                                                                                                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 002D170D
                                                                                                                                                                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 002D173A
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 002D174A
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 577356006-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 002DD608
                                                                                                                                                                                                                • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 002DD645
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 002DD650
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 33631002-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 002D168C
                                                                                                                                                                                                                • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 002D16A1
                                                                                                                                                                                                                • FreeSid.ADVAPI32(?), ref: 002D16B1
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3429775523-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetUserNameW.ADVAPI32(?,?), ref: 002CD28C
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: NameUser
                                                                                                                                                                                                                • String ID: X64
                                                                                                                                                                                                                • API String ID: 2645101109-893830106
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: Variable is not of type 'Object'.$p#4
                                                                                                                                                                                                                • API String ID: 0-1885815704
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 002E6918
                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 002E6961
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2295610775-0
                                                                                                                                                                                                                • Opcode ID: c604f99725d248549ff4cf436edd7483951dd8b599227c3b67f80a1006e83ea2
                                                                                                                                                                                                                • Instruction ID: b9e93485fae46efb481dbbd603ad053f7f511c44f0dff53d28b7315310f097f0
                                                                                                                                                                                                                • Opcode Fuzzy Hash: c604f99725d248549ff4cf436edd7483951dd8b599227c3b67f80a1006e83ea2
                                                                                                                                                                                                                • Instruction Fuzzy Hash: FB1190316242419FC710DF2AD488A1ABBE5FF85328F54C69EE4698F6A2C730EC15CB91
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,002F4891,?,?,00000035,?), ref: 002E37E4
                                                                                                                                                                                                                • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,002F4891,?,?,00000035,?), ref: 002E37F4
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorFormatLastMessage
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3479602957-0
                                                                                                                                                                                                                • Opcode ID: aa7ec54b0e2deeee98f92fa9e17e169d563a1c47f6531c8d2fa90459b5c45459
                                                                                                                                                                                                                • Instruction ID: 4431c175a5f7f7eb3aafaa6ff611dffa2dfdb27113b77b47e5ed2c1f44f988dd
                                                                                                                                                                                                                • Opcode Fuzzy Hash: aa7ec54b0e2deeee98f92fa9e17e169d563a1c47f6531c8d2fa90459b5c45459
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 62F0EC706253152ADB2157674C4DFEB769DEFC4761F000265F509D3181D5605944C6B0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 002DB25D
                                                                                                                                                                                                                • keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 002DB270
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: InputSendkeybd_event
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3536248340-0
                                                                                                                                                                                                                • Opcode ID: b33b24a73d351169dc33e3aae6c4fc089c59c6ee57535da778707be45490f86e
                                                                                                                                                                                                                • Instruction ID: e79290e54ff3d3c2a7b6e41c01efb35ac8d2d980b5b686010170323eb99365bd
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b33b24a73d351169dc33e3aae6c4fc089c59c6ee57535da778707be45490f86e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: CBF01D7581428EABDB069FA1C815BAE7BB4FF04305F00900AF955A5192C37986119F94
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,002D11FC), ref: 002D10D4
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,002D11FC), ref: 002D10E9
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 81990902-0
                                                                                                                                                                                                                • Opcode ID: ba421d7728b7802bb54cc5c3f6a08ddaf6d12df36f9a08437bf2c05c878b9928
                                                                                                                                                                                                                • Instruction ID: 80233d7e4ed064a2aa1554675a9feee8ad35a34d50a01357ed097943c853c932
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ba421d7728b7802bb54cc5c3f6a08ddaf6d12df36f9a08437bf2c05c878b9928
                                                                                                                                                                                                                • Instruction Fuzzy Hash: B8E04F36025600EEF7662B11FC05E7377ADEB04311F10892EF5A5804B1DB62ACB0DB10
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,002A6766,?,?,00000008,?,?,002AFEFE,00000000), ref: 002A6998
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ExceptionRaise
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3997070919-0
                                                                                                                                                                                                                • Opcode ID: a970af334bcfdb87719fb6f0f91c5631ad06238139e589199ccd7fc0e9b5c05f
                                                                                                                                                                                                                • Instruction ID: 0bd64123a9b1c1e7cd36d4d63dd5cc55fc4eb54bc7a9f6d57f0854a34e41dd6e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a970af334bcfdb87719fb6f0f91c5631ad06238139e589199ccd7fc0e9b5c05f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: B8B16E3152060ADFD715CF28C48AB657BE0FF06364F298658E899CF2E2CB35D9A5CB40
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 0-3916222277
                                                                                                                                                                                                                • Opcode ID: 5410b52a700296d0f0cb97a7e041cd959fc057e24479140c3253424c33480aad
                                                                                                                                                                                                                • Instruction ID: ed53b362f06a4947dbd02cd2f43c4651de6ce114561ca2a0a29b132ebf891e67
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5410b52a700296d0f0cb97a7e041cd959fc057e24479140c3253424c33480aad
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 911282759202299FCB15DF58C851BEEB7B5FF48310F10819AE809EB281DB709E91CF90
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • BlockInput.USER32(00000001), ref: 002EEABD
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: BlockInput
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3456056419-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,002903EE), ref: 002909DA
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3192549508-0
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                • API String ID: 0-4108050209
                                                                                                                                                                                                                • Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                                                                                                                                • Instruction ID: 9eb45d0b1ab2e62c051670e2551928b3c2beb261f557e713dad4a889f4970803
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                                                                                                                                • Instruction Fuzzy Hash: AB51777163C7075BEF388D68885E7BE2389FF02304F180519D886DB282C655DE36E756
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: 0&4
                                                                                                                                                                                                                • API String ID: 0-960514835
                                                                                                                                                                                                                • Opcode ID: 913363c54635ae814f3ea90c309ea964788179e08d279594a1dc75f5228716b2
                                                                                                                                                                                                                • Instruction ID: 8c9414e203d2169ada2c590028677600f126f5d628d227ae792eaa097bd2f221
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 913363c54635ae814f3ea90c309ea964788179e08d279594a1dc75f5228716b2
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8C21EB323605118BDB28CF79C82367E73E9A764310F55862EE4A7D77D0DE39A904CB80
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: 2dfb463563c06ef370fce1b4f56cb278242cd92efc51a94a46a3f0a14cf87e07
                                                                                                                                                                                                                • Instruction ID: d0b9360233b9fd29fd6d9e78b6fe4a4caa49491cbb0b86dd3cd7a1b4b5c7b433
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2dfb463563c06ef370fce1b4f56cb278242cd92efc51a94a46a3f0a14cf87e07
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 42321122D39F014ED7239A34DC22336A64DAFBB3C5F15D727E82AB59A5EF29C4934104
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: 5e0d4ec350bff3df3ae8653c5b2028220ed950356cfccf3bfa2f2bcc5b2b5aa1
                                                                                                                                                                                                                • Instruction ID: b09e69b85f6610092dd918ec4f8c0e3d912632fb0f22b44112aa817b7a7bc833
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5e0d4ec350bff3df3ae8653c5b2028220ed950356cfccf3bfa2f2bcc5b2b5aa1
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9132F231A341468BDF28DE28C494B7DBBA1EB45314F38866FD48E9B2A1D330DDA1DB51
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmpDownload File
Memory Dump Source
• Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                                                                                                                                                                • Instruction ID: 6ca21abcf0bc1ef813bc3e983c9bddaaa437e2d6aaf7d4582b73ead421fb2a47
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 208186726290A309FF6D4A7B853407EFFE16A923A131A079DD4F2CB1C1EE24C574E620
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: 2bf0aff867b5f9170ac16f77965423d343a2de199cb92cdb9c2be91ca1bf961f
                                                                                                                                                                                                                • Instruction ID: 1469ae821359f57fc714f9d6a765a2afbfaa047c9e8f27c9641d0fbd461203da
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2bf0aff867b5f9170ac16f77965423d343a2de199cb92cdb9c2be91ca1bf961f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9E51987195A6819FEB271B30886B8903F60FFA771074B4ADEC1804B1A7DA70590ECF65
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 002F2B30
                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 002F2B43
                                                                                                                                                                                                                • DestroyWindow.USER32 ref: 002F2B52
                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 002F2B6D
                                                                                                                                                                                                                • GetWindowRect.USER32(00000000), ref: 002F2B74
                                                                                                                                                                                                                • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 002F2CA3
                                                                                                                                                                                                                • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 002F2CB1
                                                                                                                                                                                                                • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002F2CF8
                                                                                                                                                                                                                • GetClientRect.USER32(00000000,?), ref: 002F2D04
                                                                                                                                                                                                                • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 002F2D40
                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002F2D62
                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002F2D75
                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002F2D80
                                                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 002F2D89
                                                                                                                                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002F2D98
                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 002F2DA1
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002F2DA8
                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 002F2DB3
                                                                                                                                                                                                                • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002F2DC5
                                                                                                                                                                                                                • OleLoadPicture.OLEAUT32(?,00000000,00000000,0030FC38,00000000), ref: 002F2DDB
                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 002F2DEB
                                                                                                                                                                                                                • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 002F2E11
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 002F2E30
                                                                                                                                                                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002F2E52
                                                                                                                                                                                                                • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002F303F
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                                                                                                • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                                                                • API String ID: 2211948467-2373415609
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SetTextColor.GDI32(?,00000000), ref: 0030712F
                                                                                                                                                                                                                • GetSysColorBrush.USER32(0000000F), ref: 00307160
                                                                                                                                                                                                                • GetSysColor.USER32(0000000F), ref: 0030716C
                                                                                                                                                                                                                • SetBkColor.GDI32(?,000000FF), ref: 00307186
                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 00307195
                                                                                                                                                                                                                • InflateRect.USER32(?,000000FF,000000FF), ref: 003071C0
                                                                                                                                                                                                                • GetSysColor.USER32(00000010), ref: 003071C8
                                                                                                                                                                                                                • CreateSolidBrush.GDI32(00000000), ref: 003071CF
                                                                                                                                                                                                                • FrameRect.USER32(?,?,00000000), ref: 003071DE
                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 003071E5
                                                                                                                                                                                                                • InflateRect.USER32(?,000000FE,000000FE), ref: 00307230
                                                                                                                                                                                                                • FillRect.USER32(?,?,?), ref: 00307262
                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00307284
                                                                                                                                                                                                                  • Part of subcall function 003073E8: GetSysColor.USER32(00000012), ref: 00307421
                                                                                                                                                                                                                  • Part of subcall function 003073E8: SetTextColor.GDI32(?,?), ref: 00307425
                                                                                                                                                                                                                  • Part of subcall function 003073E8: GetSysColorBrush.USER32(0000000F), ref: 0030743B
                                                                                                                                                                                                                  • Part of subcall function 003073E8: GetSysColor.USER32(0000000F), ref: 00307446
                                                                                                                                                                                                                  • Part of subcall function 003073E8: GetSysColor.USER32(00000011), ref: 00307463
                                                                                                                                                                                                                  • Part of subcall function 003073E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00307471
                                                                                                                                                                                                                  • Part of subcall function 003073E8: SelectObject.GDI32(?,00000000), ref: 00307482
                                                                                                                                                                                                                  • Part of subcall function 003073E8: SetBkColor.GDI32(?,00000000), ref: 0030748B
                                                                                                                                                                                                                  • Part of subcall function 003073E8: SelectObject.GDI32(?,?), ref: 00307498
                                                                                                                                                                                                                  • Part of subcall function 003073E8: InflateRect.USER32(?,000000FF,000000FF), ref: 003074B7
                                                                                                                                                                                                                  • Part of subcall function 003073E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 003074CE
                                                                                                                                                                                                                  • Part of subcall function 003073E8: GetWindowLongW.USER32(00000000,000000F0), ref: 003074DB
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4124339563-0
                                                                                                                                                                                                                • Opcode ID: 15e13555b673f94cb6722c01d599b548d1d89b7e88682be9fc52f110e1701a12
                                                                                                                                                                                                                • Instruction ID: d00109a5842c2e565f65e15e3db51dfabcd6ba01c703b82ef947bf52489b3a8f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 15e13555b673f94cb6722c01d599b548d1d89b7e88682be9fc52f110e1701a12
                                                                                                                                                                                                                • Instruction Fuzzy Hash: AAA1C17241A301AFD7029F64DC58E5BBBADFF49320F101B1AF962961E1D731E844CB91
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • DestroyWindow.USER32(?,?), ref: 00288E14
                                                                                                                                                                                                                • SendMessageW.USER32(?,00001308,?,00000000), ref: 002C6AC5
                                                                                                                                                                                                                • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 002C6AFE
                                                                                                                                                                                                                • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 002C6F43
                                                                                                                                                                                                                  • Part of subcall function 00288F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00288BE8,?,00000000,?,?,?,?,00288BBA,00000000,?), ref: 00288FC5
                                                                                                                                                                                                                • SendMessageW.USER32(?,00001053), ref: 002C6F7F
                                                                                                                                                                                                                • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 002C6F96
                                                                                                                                                                                                                • ImageList_Destroy.COMCTL32(00000000,?), ref: 002C6FAC
                                                                                                                                                                                                                • ImageList_Destroy.COMCTL32(00000000,?), ref: 002C6FB7
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                • API String ID: 2760611726-4108050209
                                                                                                                                                                                                                • Opcode ID: 98d810b649ca7ef9a1a82fe516719c15a72bf52232df7b70ed591c0f0b490af3
                                                                                                                                                                                                                • Instruction ID: ff48cd6e86e2069815a92e6c0beaedda57b39a516445ac59c53373dd3237ed15
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 98d810b649ca7ef9a1a82fe516719c15a72bf52232df7b70ed591c0f0b490af3
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8A128B382226029FD726DF14C858FA5B7E5FB49300F54466EF4858B6A1CB31ECA1CB91
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • DestroyWindow.USER32(00000000), ref: 002F273E
                                                                                                                                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 002F286A
                                                                                                                                                                                                                • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 002F28A9
                                                                                                                                                                                                                • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 002F28B9
                                                                                                                                                                                                                • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 002F2900
                                                                                                                                                                                                                • GetClientRect.USER32(00000000,?), ref: 002F290C
                                                                                                                                                                                                                • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 002F2955
                                                                                                                                                                                                                • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 002F2964
                                                                                                                                                                                                                • GetStockObject.GDI32(00000011), ref: 002F2974
                                                                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 002F2978
                                                                                                                                                                                                                • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 002F2988
                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 002F2991
                                                                                                                                                                                                                • DeleteDC.GDI32(00000000), ref: 002F299A
                                                                                                                                                                                                                • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 002F29C6
                                                                                                                                                                                                                • SendMessageW.USER32(00000030,00000000,00000001), ref: 002F29DD
                                                                                                                                                                                                                • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 002F2A1D
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 002F2A31
                                                                                                                                                                                                                • SendMessageW.USER32(00000404,00000001,00000000), ref: 002F2A42
                                                                                                                                                                                                                • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 002F2A77
                                                                                                                                                                                                                • GetStockObject.GDI32(00000011), ref: 002F2A82
                                                                                                                                                                                                                • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 002F2A8D
                                                                                                                                                                                                                • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 002F2A97
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                                                                                • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                                                                                • API String ID: 2910397461-517079104
                                                                                                                                                                                                                • Opcode ID: efc3c6a9a712cacb8346b9e5110f129fa129b9fda3998a18b61ecae06c6bf9aa
                                                                                                                                                                                                                • Instruction ID: d20d9790c97f08523df4c27a883d638cd4e27f3611a3b5a007ebfdda1c42e04a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: efc3c6a9a712cacb8346b9e5110f129fa129b9fda3998a18b61ecae06c6bf9aa
                                                                                                                                                                                                                • Instruction Fuzzy Hash: CAB15F75A50209AFDB15DF68CC45FAEBBA9EB05710F008215FA15EB2D0DB70AD50CF60
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 002E4AED
                                                                                                                                                                                                                • GetDriveTypeW.KERNEL32(?,0030CB68,?,\\.\,0030CC08), ref: 002E4BCA
                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000000,0030CB68,?,\\.\,0030CC08), ref: 002E4D36
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorMode$DriveType
                                                                                                                                                                                                                • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                                                                                                • API String ID: 2907320926-4222207086
                                                                                                                                                                                                                • Opcode ID: b1f214b4f78fc92758f30ee0b710db251e0a29fafc2a0880ac51faff6b9d9a43
                                                                                                                                                                                                                • Instruction ID: 46af5b2e78924b95abb37b4ec2f8091da53231398fc514469e798a0552b88030
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b1f214b4f78fc92758f30ee0b710db251e0a29fafc2a0880ac51faff6b9d9a43
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3F61C2306B5146AFCB05FF26C9C29A877B0AB04304FB4D11AF80AAB691DB71ED61DB51
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetSysColor.USER32(00000012), ref: 00307421
                                                                                                                                                                                                                • SetTextColor.GDI32(?,?), ref: 00307425
                                                                                                                                                                                                                • GetSysColorBrush.USER32(0000000F), ref: 0030743B
                                                                                                                                                                                                                • GetSysColor.USER32(0000000F), ref: 00307446
                                                                                                                                                                                                                • CreateSolidBrush.GDI32(?), ref: 0030744B
                                                                                                                                                                                                                • GetSysColor.USER32(00000011), ref: 00307463
                                                                                                                                                                                                                • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00307471
                                                                                                                                                                                                                • SelectObject.GDI32(?,00000000), ref: 00307482
                                                                                                                                                                                                                • SetBkColor.GDI32(?,00000000), ref: 0030748B
                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 00307498
                                                                                                                                                                                                                • InflateRect.USER32(?,000000FF,000000FF), ref: 003074B7
                                                                                                                                                                                                                • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 003074CE
                                                                                                                                                                                                                • GetWindowLongW.USER32(00000000,000000F0), ref: 003074DB
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0030752A
                                                                                                                                                                                                                • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00307554
                                                                                                                                                                                                                • InflateRect.USER32(?,000000FD,000000FD), ref: 00307572
                                                                                                                                                                                                                • DrawFocusRect.USER32(?,?), ref: 0030757D
                                                                                                                                                                                                                • GetSysColor.USER32(00000011), ref: 0030758E
                                                                                                                                                                                                                • SetTextColor.GDI32(?,00000000), ref: 00307596
                                                                                                                                                                                                                • DrawTextW.USER32(?,003070F5,000000FF,?,00000000), ref: 003075A8
                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 003075BF
                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 003075CA
                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 003075D0
                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 003075D5
                                                                                                                                                                                                                • SetTextColor.GDI32(?,?), ref: 003075DB
                                                                                                                                                                                                                • SetBkColor.GDI32(?,?), ref: 003075E5
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1996641542-0
                                                                                                                                                                                                                • Opcode ID: f573d7dd6010e3e015545abd6928b4586687317575b2af064126fa1874967a35
                                                                                                                                                                                                                • Instruction ID: dbc328256afe9bb0c040a9756ccb7b04ab8eb43843a6f8437b38603d7c686bcd
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f573d7dd6010e3e015545abd6928b4586687317575b2af064126fa1874967a35
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 49617076D01218AFDF129FA4DC58AEE7F79EB09320F115212F911AB2E1D770A940CF90
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 00301128
                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 0030113D
                                                                                                                                                                                                                • GetWindowRect.USER32(00000000), ref: 00301144
                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00301199
                                                                                                                                                                                                                • DestroyWindow.USER32(?), ref: 003011B9
                                                                                                                                                                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 003011ED
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0030120B
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0030121D
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000421,?,?), ref: 00301232
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00301245
                                                                                                                                                                                                                • IsWindowVisible.USER32(00000000), ref: 003012A1
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 003012BC
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 003012D0
                                                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 003012E8
                                                                                                                                                                                                                • MonitorFromPoint.USER32(?,?,00000002), ref: 0030130E
                                                                                                                                                                                                                • GetMonitorInfoW.USER32(00000000,?), ref: 00301328
                                                                                                                                                                                                                • CopyRect.USER32(?,?), ref: 0030133F
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000412,00000000), ref: 003013AA
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                                                                                                • String ID: ($0$tooltips_class32
                                                                                                                                                                                                                • API String ID: 698492251-4156429822
                                                                                                                                                                                                                • Opcode ID: 8eea2c3b619859063a98e6825ab12fda40ef7ae0ba950360b189e536782d158f
                                                                                                                                                                                                                • Instruction ID: ce70bc114ac9fabcaa430d138a8e8de231ba1ad2114e19dc20d01ad7c6d6d4c9
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8eea2c3b619859063a98e6825ab12fda40ef7ae0ba950360b189e536782d158f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3AB1AB71619341AFD715DF64C894B6BBBE8FF88704F008919F9999B2A1CB31E844CF92
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00288968
                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000007), ref: 00288970
                                                                                                                                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0028899B
                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000008), ref: 002889A3
                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000004), ref: 002889C8
                                                                                                                                                                                                                • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 002889E5
                                                                                                                                                                                                                • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 002889F5
                                                                                                                                                                                                                • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00288A28
                                                                                                                                                                                                                • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00288A3C
                                                                                                                                                                                                                • GetClientRect.USER32(00000000,000000FF), ref: 00288A5A
                                                                                                                                                                                                                • GetStockObject.GDI32(00000011), ref: 00288A76
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000030,00000000), ref: 00288A81
                                                                                                                                                                                                                  • Part of subcall function 0028912D: GetCursorPos.USER32(?), ref: 00289141
                                                                                                                                                                                                                  • Part of subcall function 0028912D: ScreenToClient.USER32(00000000,?), ref: 0028915E
                                                                                                                                                                                                                  • Part of subcall function 0028912D: GetAsyncKeyState.USER32(00000001), ref: 00289183
                                                                                                                                                                                                                  • Part of subcall function 0028912D: GetAsyncKeyState.USER32(00000002), ref: 0028919D
                                                                                                                                                                                                                • SetTimer.USER32(00000000,00000000,00000028,002890FC), ref: 00288AA8
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                                                                                • String ID: AutoIt v3 GUI
                                                                                                                                                                                                                • API String ID: 1458621304-248962490
                                                                                                                                                                                                                • Opcode ID: 56868f13e35ac15e630f38cd22cb2957f670f4c2a5d8abdde9bfb79ec5773ea5
                                                                                                                                                                                                                • Instruction ID: 642239dfb901b16cc891cf4aafd4e3ca4e63ce05db76c0f644d07b5410ed9a43
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 56868f13e35ac15e630f38cd22cb2957f670f4c2a5d8abdde9bfb79ec5773ea5
                                                                                                                                                                                                                • Instruction Fuzzy Hash: EDB18079A1120A9FDB15DFA8CC59BAE7BB5FB48314F104219FA15AB2D0DB70E850CF50
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 002D10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 002D1114
                                                                                                                                                                                                                  • Part of subcall function 002D10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,002D0B9B,?,?,?), ref: 002D1120
                                                                                                                                                                                                                  • Part of subcall function 002D10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,002D0B9B,?,?,?), ref: 002D112F
                                                                                                                                                                                                                  • Part of subcall function 002D10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,002D0B9B,?,?,?), ref: 002D1136
                                                                                                                                                                                                                  • Part of subcall function 002D10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 002D114D
                                                                                                                                                                                                                • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 002D0DF5
                                                                                                                                                                                                                • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 002D0E29
                                                                                                                                                                                                                • GetLengthSid.ADVAPI32(?), ref: 002D0E40
                                                                                                                                                                                                                • GetAce.ADVAPI32(?,00000000,?), ref: 002D0E7A
                                                                                                                                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 002D0E96
                                                                                                                                                                                                                • GetLengthSid.ADVAPI32(?), ref: 002D0EAD
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000008), ref: 002D0EB5
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 002D0EBC
                                                                                                                                                                                                                • GetLengthSid.ADVAPI32(?,00000008,?), ref: 002D0EDD
                                                                                                                                                                                                                • CopySid.ADVAPI32(00000000), ref: 002D0EE4
                                                                                                                                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 002D0F13
                                                                                                                                                                                                                • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 002D0F35
                                                                                                                                                                                                                • SetUserObjectSecurity.USER32(?,00000004,?), ref: 002D0F47
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 002D0F6E
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 002D0F75
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 002D0F7E
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 002D0F85
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 002D0F8E
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 002D0F95
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 002D0FA1
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 002D0FA8
                                                                                                                                                                                                                  • Part of subcall function 002D1193: GetProcessHeap.KERNEL32(00000008,002D0BB1,?,00000000,?,002D0BB1,?), ref: 002D11A1
                                                                                                                                                                                                                  • Part of subcall function 002D1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,002D0BB1,?), ref: 002D11A8
                                                                                                                                                                                                                  • Part of subcall function 002D1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,002D0BB1,?), ref: 002D11B7
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4175595110-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 002FC4BD
                                                                                                                                                                                                                • RegCreateKeyExW.ADVAPI32(?,?,00000000,0030CC08,00000000,?,00000000,?,?), ref: 002FC544
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 002FC5A4
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002FC5F4
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002FC66F
                                                                                                                                                                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 002FC6B2
                                                                                                                                                                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 002FC7C1
                                                                                                                                                                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 002FC84D
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 002FC881
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 002FC88E
                                                                                                                                                                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 002FC960
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                                                                                                                                                                • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                                                                                • API String ID: 9721498-966354055
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CharUpperBuffW.USER32(?,?), ref: 003009C6
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00300A01
                                                                                                                                                                                                                • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00300A54
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00300A8A
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00300B06
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00300B81
                                                                                                                                                                                                                  • Part of subcall function 0028F9F2: _wcslen.LIBCMT ref: 0028F9FD
                                                                                                                                                                                                                  • Part of subcall function 002D2BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 002D2BFA
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                                                                                                                • API String ID: 1103490817-4258414348
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                                                                                • API String ID: 1256254125-909552448
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 0030835A
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 0030836E
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00308391
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 003083B4
                                                                                                                                                                                                                • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 003083F2
                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,0030361A,?), ref: 0030844E
                                                                                                                                                                                                                • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00308487
                                                                                                                                                                                                                • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 003084CA
                                                                                                                                                                                                                • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00308501
                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 0030850D
                                                                                                                                                                                                                • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0030851D
                                                                                                                                                                                                                • DestroyIcon.USER32(?), ref: 0030852C
                                                                                                                                                                                                                • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00308549
                                                                                                                                                                                                                • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00308555
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                                                                                                                                                • String ID: .dll$.exe$.icl
                                                                                                                                                                                                                • API String ID: 799131459-1154884017
                                                                                                                                                                                                                • Opcode ID: 53e84271413ec3c3499944d0c5c67fdd84e6b51d7d19fa9e640b0fff43fb991f
                                                                                                                                                                                                                • Instruction ID: 3413833c3f17ebac5aa069e15418a09c4f6e18ed7d3457b151cba62a49d316a7
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 53e84271413ec3c3499944d0c5c67fdd84e6b51d7d19fa9e640b0fff43fb991f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: FE610F71510219BEEB16DF64CC91FBE77ACBB09B21F10460AF855D60D1DB74AA90CBA0
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                                                                                                                • API String ID: 0-1645009161
                                                                                                                                                                                                                • Opcode ID: ae7a5efb2d74e5bef0c90593f10c83b122037e5b14c45ed855b7d4432a182691
                                                                                                                                                                                                                • Instruction ID: 757a95629e2da6ff4f0fca2c742ad018a4fb3fe13072467f7218262de214e022
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ae7a5efb2d74e5bef0c90593f10c83b122037e5b14c45ed855b7d4432a182691
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9781F971635216BBDB25AF64CC52FEE77A8AF15340F048024FD08AA1D6EB70D971CB91
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CharLowerBuffW.USER32(?,?), ref: 002E3EF8
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002E3F03
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002E3F5A
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002E3F98
                                                                                                                                                                                                                • GetDriveTypeW.KERNEL32(?), ref: 002E3FD6
                                                                                                                                                                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 002E401E
                                                                                                                                                                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 002E4059
                                                                                                                                                                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 002E4087
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                                                                                                • API String ID: 1839972693-4113822522
                                                                                                                                                                                                                • Opcode ID: 43082d4776a3f99fc46f6d7b4edcb3e72561337d06d383194b4cfcc6c3c8b499
                                                                                                                                                                                                                • Instruction ID: 4c8a59da95c0271fcff6c443562e56fa15ae15ef108be99448c16a2bcc64fdd4
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 43082d4776a3f99fc46f6d7b4edcb3e72561337d06d383194b4cfcc6c3c8b499
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2E71F2326243029FC710EF35C8818AAB7F4EF94764F50892DF89997251EB31DE55CB91
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LoadIconW.USER32(00000063), ref: 002D5A2E
                                                                                                                                                                                                                • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 002D5A40
                                                                                                                                                                                                                • SetWindowTextW.USER32(?,?), ref: 002D5A57
                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003EA), ref: 002D5A6C
                                                                                                                                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 002D5A72
                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 002D5A82
                                                                                                                                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 002D5A88
                                                                                                                                                                                                                • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 002D5AA9
                                                                                                                                                                                                                • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 002D5AC3
                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 002D5ACC
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002D5B33
                                                                                                                                                                                                                • SetWindowTextW.USER32(?,?), ref: 002D5B6F
                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 002D5B75
                                                                                                                                                                                                                • GetWindowRect.USER32(00000000), ref: 002D5B7C
                                                                                                                                                                                                                • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 002D5BD3
                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 002D5BE0
                                                                                                                                                                                                                • PostMessageW.USER32(?,00000005,00000000,?), ref: 002D5C05
                                                                                                                                                                                                                • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 002D5C2F
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 895679908-0
                                                                                                                                                                                                                • Opcode ID: 500120f28a43806da52ae31065a15876a06db5fa0cce4c1ed2b59c32a216d4fe
                                                                                                                                                                                                                • Instruction ID: 2d0ac11bf7619237d7ac415688b8a6b670a86fb16ce936b419bfddd8cfc3c0eb
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 500120f28a43806da52ae31065a15876a06db5fa0cce4c1ed2b59c32a216d4fe
                                                                                                                                                                                                                • Instruction Fuzzy Hash: C8718031910B1A9FDB21DFA8CD45AAEBBF5FF48704F10461AE142A26A0D7B5ED50CF50
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F89), ref: 002EFE27
                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F8A), ref: 002EFE32
                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 002EFE3D
                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F03), ref: 002EFE48
                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F8B), ref: 002EFE53
                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F01), ref: 002EFE5E
                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F81), ref: 002EFE69
                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F88), ref: 002EFE74
                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F80), ref: 002EFE7F
                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F86), ref: 002EFE8A
                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F83), ref: 002EFE95
                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F85), ref: 002EFEA0
                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F82), ref: 002EFEAB
                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F84), ref: 002EFEB6
                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F04), ref: 002EFEC1
                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F02), ref: 002EFECC
                                                                                                                                                                                                                • GetCursorInfo.USER32(?), ref: 002EFEDC
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 002EFF1E
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Cursor$Load$ErrorInfoLast
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3215588206-0
                                                                                                                                                                                                                • Opcode ID: e3636ddbdbabe8ee1fa468f7861bb3cb098f4eb2b7021ecd72473de44a23616d
                                                                                                                                                                                                                • Instruction ID: e6276dbb898f4f22af3688d6dcae4b37a64fec0f71f5bda1b205b4886090a5da
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e3636ddbdbabe8ee1fa468f7861bb3cb098f4eb2b7021ecd72473de44a23616d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F14193B0D5531A6ADB10DFBA8C8985EBFE8FF04314B50812AF11CE7681DB78A801CF91
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _wcslen
                                                                                                                                                                                                                • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT$[3
                                                                                                                                                                                                                • API String ID: 176396367-1609447016
                                                                                                                                                                                                                • Opcode ID: ad52d61b477ae4b409b5c8a78b11fd48eab5848862f7aa1a384aa690aa0dc076
                                                                                                                                                                                                                • Instruction ID: 328a48c0939898a09376242d828187f01fd9b1571b8823022567406326740d70
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ad52d61b477ae4b409b5c8a78b11fd48eab5848862f7aa1a384aa690aa0dc076
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 99E1E432A20517ABCB14DF68C8916EDFBB0BF54710F54811BE856E7380DB70AEA58B91
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 002900C6
                                                                                                                                                                                                                  • Part of subcall function 002900ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0034070C,00000FA0,A0C06043,?,?,?,?,002B23B3,000000FF), ref: 0029011C
                                                                                                                                                                                                                  • Part of subcall function 002900ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,002B23B3,000000FF), ref: 00290127
                                                                                                                                                                                                                  • Part of subcall function 002900ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,002B23B3,000000FF), ref: 00290138
                                                                                                                                                                                                                  • Part of subcall function 002900ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 0029014E
                                                                                                                                                                                                                  • Part of subcall function 002900ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0029015C
                                                                                                                                                                                                                  • Part of subcall function 002900ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0029016A
                                                                                                                                                                                                                  • Part of subcall function 002900ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00290195
                                                                                                                                                                                                                  • Part of subcall function 002900ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 002901A0
                                                                                                                                                                                                                • ___scrt_fastfail.LIBCMT ref: 002900E7
                                                                                                                                                                                                                  • Part of subcall function 002900A3: __onexit.LIBCMT ref: 002900A9
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • InitializeConditionVariable, xrefs: 00290148
                                                                                                                                                                                                                • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00290122
                                                                                                                                                                                                                • WakeAllConditionVariable, xrefs: 00290162
                                                                                                                                                                                                                • kernel32.dll, xrefs: 00290133
                                                                                                                                                                                                                • SleepConditionVariableCS, xrefs: 00290154
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                                                                                                                • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                • API String ID: 66158676-1714406822
                                                                                                                                                                                                                • Opcode ID: f1054339985a5158474b693c19efdef8d9d2b5afe850c99280acaeee63f7e8f0
                                                                                                                                                                                                                • Instruction ID: 144f2e31a9131a8765bbe93b67c6a424a7852505c5e4576945859a74967cacd6
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f1054339985a5158474b693c19efdef8d9d2b5afe850c99280acaeee63f7e8f0
                                                                                                                                                                                                                • Instruction Fuzzy Hash: DC216B32672305AFDB266FA4AC99B6A37DCEF05B51F00023AF905E72D1DF709C008A90
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CharLowerBuffW.USER32(00000000,00000000,0030CC08), ref: 002E4527
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002E453B
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002E4599
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002E45F4
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002E463F
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002E46A7
                                                                                                                                                                                                                  • Part of subcall function 0028F9F2: _wcslen.LIBCMT ref: 0028F9FD
                                                                                                                                                                                                                • GetDriveTypeW.KERNEL32(?,00336BF0,00000061), ref: 002E4743
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                                                                                                                • API String ID: 2055661098-1000479233
                                                                                                                                                                                                                • Opcode ID: ea6506f00c260cc14f483cf95f2a2a9173d96d629ceed7b775fb4e589110ffbf
                                                                                                                                                                                                                • Instruction ID: eb7f7a52f7412164b62d6ef8152401e7d15c237901f8037e8f34426dea9aedeb
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ea6506f00c260cc14f483cf95f2a2a9173d96d629ceed7b775fb4e589110ffbf
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 49B125316683429FC710EF2AC89196EF7E5BFA5720F90891DF49AC7291D730D864CB92
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00289BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00289BB2
                                                                                                                                                                                                                • DragQueryPoint.SHELL32(?,?), ref: 00309147
                                                                                                                                                                                                                  • Part of subcall function 00307674: ClientToScreen.USER32(?,?), ref: 0030769A
                                                                                                                                                                                                                  • Part of subcall function 00307674: GetWindowRect.USER32(?,?), ref: 00307710
                                                                                                                                                                                                                  • Part of subcall function 00307674: PtInRect.USER32(?,?,00308B89), ref: 00307720
                                                                                                                                                                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 003091B0
                                                                                                                                                                                                                • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 003091BB
                                                                                                                                                                                                                • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 003091DE
                                                                                                                                                                                                                • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00309225
                                                                                                                                                                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 0030923E
                                                                                                                                                                                                                • SendMessageW.USER32(?,000000B1,?,?), ref: 00309255
                                                                                                                                                                                                                • SendMessageW.USER32(?,000000B1,?,?), ref: 00309277
                                                                                                                                                                                                                • DragFinish.SHELL32(?), ref: 0030927E
                                                                                                                                                                                                                • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00309371
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                                                                                                                                                                • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$p#4
                                                                                                                                                                                                                • API String ID: 221274066-1375590632
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetMenuItemCount.USER32(00341990), ref: 002B2F8D
                                                                                                                                                                                                                • GetMenuItemCount.USER32(00341990), ref: 002B303D
                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 002B3081
                                                                                                                                                                                                                • SetForegroundWindow.USER32(00000000), ref: 002B308A
                                                                                                                                                                                                                • TrackPopupMenuEx.USER32(00341990,00000000,?,00000000,00000000,00000000), ref: 002B309D
                                                                                                                                                                                                                • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 002B30A9
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                • API String ID: 36266755-4108050209
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • DestroyWindow.USER32(00000000,?), ref: 00306DEB
                                                                                                                                                                                                                  • Part of subcall function 00276B57: _wcslen.LIBCMT ref: 00276B6A
                                                                                                                                                                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00306E5F
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00306E81
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00306E94
                                                                                                                                                                                                                • DestroyWindow.USER32(?), ref: 00306EB5
                                                                                                                                                                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00270000,00000000), ref: 00306EE4
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00306EFD
                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 00306F16
                                                                                                                                                                                                                • GetWindowRect.USER32(00000000), ref: 00306F1D
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00306F35
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00306F4D
                                                                                                                                                                                                                  • Part of subcall function 00289944: GetWindowLongW.USER32(?,000000EB), ref: 00289952
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                                                                                                                                                • String ID: 0$tooltips_class32
                                                                                                                                                                                                                • API String ID: 2429346358-3619404913
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 002EC4B0
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 002EC4C3
                                                                                                                                                                                                                • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 002EC4D7
                                                                                                                                                                                                                • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 002EC4F0
                                                                                                                                                                                                                • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 002EC533
                                                                                                                                                                                                                • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 002EC549
                                                                                                                                                                                                                • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 002EC554
                                                                                                                                                                                                                • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 002EC584
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 002EC5DC
                                                                                                                                                                                                                • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 002EC5F0
                                                                                                                                                                                                                • InternetCloseHandle.WININET(00000000), ref: 002EC5FB
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3800310941-3916222277
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 00308592
                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000), ref: 003085A2
                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000002,00000000), ref: 003085AD
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 003085BA
                                                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 003085C8
                                                                                                                                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 003085D7
                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 003085E0
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 003085E7
                                                                                                                                                                                                                • CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 003085F8
                                                                                                                                                                                                                • OleLoadPicture.OLEAUT32(?,00000000,00000000,0030FC38,?), ref: 00308611
                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00308621
                                                                                                                                                                                                                • GetObjectW.GDI32(?,00000018,000000FF), ref: 00308641
                                                                                                                                                                                                                • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00308671
                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00308699
                                                                                                                                                                                                                • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 003086AF
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • VariantInit.OLEAUT32(00000000), ref: 002E1502
                                                                                                                                                                                                                • VariantCopy.OLEAUT32(?,?), ref: 002E150B
                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 002E1517
                                                                                                                                                                                                                • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 002E15FB
                                                                                                                                                                                                                • VarR8FromDec.OLEAUT32(?,?), ref: 002E1657
                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 002E1708
                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 002E178C
                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 002E17D8
                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 002E17E7
                                                                                                                                                                                                                • VariantInit.OLEAUT32(00000000), ref: 002E1823
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                                                                                                                                                                                • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00279CB3: _wcslen.LIBCMT ref: 00279CBD
                                                                                                                                                                                                                  • Part of subcall function 002FC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,002FB6AE,?,?), ref: 002FC9B5
                                                                                                                                                                                                                  • Part of subcall function 002FC998: _wcslen.LIBCMT ref: 002FC9F1
                                                                                                                                                                                                                  • Part of subcall function 002FC998: _wcslen.LIBCMT ref: 002FCA68
                                                                                                                                                                                                                  • Part of subcall function 002FC998: _wcslen.LIBCMT ref: 002FCA9E
                                                                                                                                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 002FB6F4
                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 002FB772
                                                                                                                                                                                                                • RegDeleteValueW.ADVAPI32(?,?), ref: 002FB80A
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 002FB87E
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 002FB89C
                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(advapi32.dll), ref: 002FB8F2
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 002FB904
                                                                                                                                                                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 002FB922
                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 002FB983
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 002FB994
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                                                                                                                                                • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetDC.USER32(00000000), ref: 002F25D8
                                                                                                                                                                                                                • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 002F25E8
                                                                                                                                                                                                                • CreateCompatibleDC.GDI32(?), ref: 002F25F4
                                                                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 002F2601
                                                                                                                                                                                                                • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 002F266D
                                                                                                                                                                                                                • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 002F26AC
                                                                                                                                                                                                                • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 002F26D0
                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 002F26D8
                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 002F26E1
                                                                                                                                                                                                                • DeleteDC.GDI32(?), ref: 002F26E8
                                                                                                                                                                                                                • ReleaseDC.USER32(00000000,?), ref: 002F26F3
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                                                                • String ID: (
                                                                                                                                                                                                                • API String ID: 2598888154-3887548279
                                                                                                                                                                                                                • Opcode ID: 5cee00e93a8727ed5cc38d217fddd81b77b859c7feacc02af2f61d64e85e043f
                                                                                                                                                                                                                • Instruction ID: d86cb5294b5a258443484a978da42d722a554d31040f419095de34667d420ff0
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5cee00e93a8727ed5cc38d217fddd81b77b859c7feacc02af2f61d64e85e043f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3A611275D11219EFCF05CFA4C984EAEBBB9FF48310F20852AEA55A7250D770A951CF50
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ___free_lconv_mon.LIBCMT ref: 002ADAA1
                                                                                                                                                                                                                  • Part of subcall function 002AD63C: _free.LIBCMT ref: 002AD659
                                                                                                                                                                                                                  • Part of subcall function 002AD63C: _free.LIBCMT ref: 002AD66B
                                                                                                                                                                                                                  • Part of subcall function 002AD63C: _free.LIBCMT ref: 002AD67D
                                                                                                                                                                                                                  • Part of subcall function 002AD63C: _free.LIBCMT ref: 002AD68F
                                                                                                                                                                                                                  • Part of subcall function 002AD63C: _free.LIBCMT ref: 002AD6A1
                                                                                                                                                                                                                  • Part of subcall function 002AD63C: _free.LIBCMT ref: 002AD6B3
                                                                                                                                                                                                                  • Part of subcall function 002AD63C: _free.LIBCMT ref: 002AD6C5
                                                                                                                                                                                                                  • Part of subcall function 002AD63C: _free.LIBCMT ref: 002AD6D7
                                                                                                                                                                                                                  • Part of subcall function 002AD63C: _free.LIBCMT ref: 002AD6E9
                                                                                                                                                                                                                  • Part of subcall function 002AD63C: _free.LIBCMT ref: 002AD6FB
                                                                                                                                                                                                                  • Part of subcall function 002AD63C: _free.LIBCMT ref: 002AD70D
                                                                                                                                                                                                                  • Part of subcall function 002AD63C: _free.LIBCMT ref: 002AD71F
                                                                                                                                                                                                                  • Part of subcall function 002AD63C: _free.LIBCMT ref: 002AD731
                                                                                                                                                                                                                • _free.LIBCMT ref: 002ADA96
                                                                                                                                                                                                                  • Part of subcall function 002A29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,002AD7D1,00000000,00000000,00000000,00000000,?,002AD7F8,00000000,00000007,00000000,?,002ADBF5,00000000), ref: 002A29DE
                                                                                                                                                                                                                  • Part of subcall function 002A29C8: GetLastError.KERNEL32(00000000,?,002AD7D1,00000000,00000000,00000000,00000000,?,002AD7F8,00000000,00000007,00000000,?,002ADBF5,00000000,00000000), ref: 002A29F0
                                                                                                                                                                                                                • _free.LIBCMT ref: 002ADAB8
                                                                                                                                                                                                                • _free.LIBCMT ref: 002ADACD
                                                                                                                                                                                                                • _free.LIBCMT ref: 002ADAD8
                                                                                                                                                                                                                • _free.LIBCMT ref: 002ADAFA
                                                                                                                                                                                                                • _free.LIBCMT ref: 002ADB0D
                                                                                                                                                                                                                • _free.LIBCMT ref: 002ADB1B
                                                                                                                                                                                                                • _free.LIBCMT ref: 002ADB26
                                                                                                                                                                                                                • _free.LIBCMT ref: 002ADB5E
                                                                                                                                                                                                                • _free.LIBCMT ref: 002ADB65
                                                                                                                                                                                                                • _free.LIBCMT ref: 002ADB82
                                                                                                                                                                                                                • _free.LIBCMT ref: 002ADB9A
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 161543041-0
                                                                                                                                                                                                                • Opcode ID: 73feacc6facdfd716bc9ea58591593400a5a943f868cfb8a193008e8c8ad0f0b
                                                                                                                                                                                                                • Instruction ID: 64cb3a89a9479358fbc90aa69e98f1c7b20043dc4ad975cdde1e8d5c79931702
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 73feacc6facdfd716bc9ea58591593400a5a943f868cfb8a193008e8c8ad0f0b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 09316B31664306DFEB62AE38E845B5BB7E8FF02710F215819E44AD7592DF30AC648B21
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetClassNameW.USER32(?,?,00000100), ref: 002D369C
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002D36A7
                                                                                                                                                                                                                • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 002D3797
                                                                                                                                                                                                                • GetClassNameW.USER32(?,?,00000400), ref: 002D380C
                                                                                                                                                                                                                • GetDlgCtrlID.USER32(?), ref: 002D385D
                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 002D3882
                                                                                                                                                                                                                • GetParent.USER32(?), ref: 002D38A0
                                                                                                                                                                                                                • ScreenToClient.USER32(00000000), ref: 002D38A7
                                                                                                                                                                                                                • GetClassNameW.USER32(?,?,00000100), ref: 002D3921
                                                                                                                                                                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 002D395D
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                                                                                                                                                                                • String ID: %s%u
                                                                                                                                                                                                                • API String ID: 4010501982-679674701
                                                                                                                                                                                                                • Opcode ID: 68a3e3e99f4ece439e1fd6be40732bc207b30c0cd9e0d7ea22ccb86b41e4593f
                                                                                                                                                                                                                • Instruction ID: 5144a7008407d5913ac9a1f6ba014ef11a3eaad9257367f45f9ba8db4a789bfb
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 68a3e3e99f4ece439e1fd6be40732bc207b30c0cd9e0d7ea22ccb86b41e4593f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7491A571224607AFD715DF24C895BEAF7A8FF44350F00462AF999D2290DB30EE65CB92
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetClassNameW.USER32(?,?,00000400), ref: 002D4994
                                                                                                                                                                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 002D49DA
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002D49EB
                                                                                                                                                                                                                • CharUpperBuffW.USER32(?,00000000), ref: 002D49F7
                                                                                                                                                                                                                • _wcsstr.LIBVCRUNTIME ref: 002D4A2C
                                                                                                                                                                                                                • GetClassNameW.USER32(00000018,?,00000400), ref: 002D4A64
                                                                                                                                                                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 002D4A9D
                                                                                                                                                                                                                • GetClassNameW.USER32(00000018,?,00000400), ref: 002D4AE6
                                                                                                                                                                                                                • GetClassNameW.USER32(?,?,00000400), ref: 002D4B20
                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 002D4B8B
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                                                                                                                                • String ID: ThumbnailClass
                                                                                                                                                                                                                • API String ID: 1311036022-1241985126
                                                                                                                                                                                                                • Opcode ID: 8ed1af54af4e3178ff1dea7e3f4dbfe88f6a16b3d390106222389f16b1731dc2
                                                                                                                                                                                                                • Instruction ID: b398ceda0bb77f586c298838c5bc091844ed1cb38344cebdf0d1c1e605a1b194
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8ed1af54af4e3178ff1dea7e3f4dbfe88f6a16b3d390106222389f16b1731dc2
                                                                                                                                                                                                                • Instruction Fuzzy Hash: C591EF3142420A9FDB05EF10C885FAA77E8FF54308F04856BFD859A296DB30ED65CBA1
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(00341990,000000FF,00000000,00000030), ref: 002DBFAC
                                                                                                                                                                                                                • SetMenuItemInfoW.USER32(00341990,00000004,00000000,00000030), ref: 002DBFE1
                                                                                                                                                                                                                • Sleep.KERNEL32(000001F4), ref: 002DBFF3
                                                                                                                                                                                                                • GetMenuItemCount.USER32(?), ref: 002DC039
                                                                                                                                                                                                                • GetMenuItemID.USER32(?,00000000), ref: 002DC056
                                                                                                                                                                                                                • GetMenuItemID.USER32(?,-00000001), ref: 002DC082
                                                                                                                                                                                                                • GetMenuItemID.USER32(?,?), ref: 002DC0C9
                                                                                                                                                                                                                • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 002DC10F
                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 002DC124
                                                                                                                                                                                                                • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 002DC145
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                • API String ID: 1460738036-4108050209
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 002FCC64
                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 002FCC8D
                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 002FCD48
                                                                                                                                                                                                                  • Part of subcall function 002FCC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 002FCCAA
                                                                                                                                                                                                                  • Part of subcall function 002FCC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 002FCCBD
                                                                                                                                                                                                                  • Part of subcall function 002FCC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 002FCCCF
                                                                                                                                                                                                                  • Part of subcall function 002FCC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 002FCD05
                                                                                                                                                                                                                  • Part of subcall function 002FCC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 002FCD28
                                                                                                                                                                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 002FCCF3
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                                                                                                                                                                • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                • API String ID: 2734957052-4033151799
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 002E3D40
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002E3D6D
                                                                                                                                                                                                                • CreateDirectoryW.KERNEL32(?,00000000), ref: 002E3D9D
                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 002E3DBE
                                                                                                                                                                                                                • RemoveDirectoryW.KERNEL32(?), ref: 002E3DCE
                                                                                                                                                                                                                • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 002E3E55
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 002E3E60
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 002E3E6B
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                                                                                                                                                                • String ID: :$\$\??\%s
                                                                                                                                                                                                                • API String ID: 1149970189-3457252023
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • timeGetTime.WINMM ref: 002DE6B4
                                                                                                                                                                                                                  • Part of subcall function 0028E551: timeGetTime.WINMM(?,?,002DE6D4), ref: 0028E555
                                                                                                                                                                                                                • Sleep.KERNEL32(0000000A), ref: 002DE6E1
                                                                                                                                                                                                                • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 002DE705
                                                                                                                                                                                                                • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 002DE727
                                                                                                                                                                                                                • SetActiveWindow.USER32 ref: 002DE746
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 002DE754
                                                                                                                                                                                                                • SendMessageW.USER32(00000010,00000000,00000000), ref: 002DE773
                                                                                                                                                                                                                • Sleep.KERNEL32(000000FA), ref: 002DE77E
                                                                                                                                                                                                                • IsWindow.USER32 ref: 002DE78A
                                                                                                                                                                                                                • EndDialog.USER32(00000000), ref: 002DE79B
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                                                                                • String ID: BUTTON
                                                                                                                                                                                                                • API String ID: 1194449130-3405671355
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00279CB3: _wcslen.LIBCMT ref: 00279CBD
                                                                                                                                                                                                                • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 002DEA5D
                                                                                                                                                                                                                • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 002DEA73
                                                                                                                                                                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 002DEA84
                                                                                                                                                                                                                • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 002DEA96
                                                                                                                                                                                                                • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 002DEAA7
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: SendString$_wcslen
                                                                                                                                                                                                                • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                                                                                • API String ID: 2420728520-1007645807
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetKeyboardState.USER32(?), ref: 002DA012
                                                                                                                                                                                                                • SetKeyboardState.USER32(?), ref: 002DA07D
                                                                                                                                                                                                                • GetAsyncKeyState.USER32(000000A0), ref: 002DA09D
                                                                                                                                                                                                                • GetKeyState.USER32(000000A0), ref: 002DA0B4
                                                                                                                                                                                                                • GetAsyncKeyState.USER32(000000A1), ref: 002DA0E3
                                                                                                                                                                                                                • GetKeyState.USER32(000000A1), ref: 002DA0F4
                                                                                                                                                                                                                • GetAsyncKeyState.USER32(00000011), ref: 002DA120
                                                                                                                                                                                                                • GetKeyState.USER32(00000011), ref: 002DA12E
                                                                                                                                                                                                                • GetAsyncKeyState.USER32(00000012), ref: 002DA157
                                                                                                                                                                                                                • GetKeyState.USER32(00000012), ref: 002DA165
                                                                                                                                                                                                                • GetAsyncKeyState.USER32(0000005B), ref: 002DA18E
                                                                                                                                                                                                                • GetKeyState.USER32(0000005B), ref: 002DA19C
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: State$Async$Keyboard
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 541375521-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000001), ref: 002D5CE2
                                                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 002D5CFB
                                                                                                                                                                                                                • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 002D5D59
                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000002), ref: 002D5D69
                                                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 002D5D7B
                                                                                                                                                                                                                • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 002D5DCF
                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 002D5DDD
                                                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 002D5DEF
                                                                                                                                                                                                                • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 002D5E31
                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003EA), ref: 002D5E44
                                                                                                                                                                                                                • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 002D5E5A
                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 002D5E67
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3096461208-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00288F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00288BE8,?,00000000,?,?,?,?,00288BBA,00000000,?), ref: 00288FC5
                                                                                                                                                                                                                • DestroyWindow.USER32(?), ref: 00288C81
                                                                                                                                                                                                                • KillTimer.USER32(00000000,?,?,?,?,00288BBA,00000000,?), ref: 00288D1B
                                                                                                                                                                                                                • DestroyAcceleratorTable.USER32(00000000), ref: 002C6973
                                                                                                                                                                                                                • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00288BBA,00000000,?), ref: 002C69A1
                                                                                                                                                                                                                • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00288BBA,00000000,?), ref: 002C69B8
                                                                                                                                                                                                                • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00288BBA,00000000), ref: 002C69D4
                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 002C69E6
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 641708696-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00289944: GetWindowLongW.USER32(?,000000EB), ref: 00289952
                                                                                                                                                                                                                • GetSysColor.USER32(0000000F), ref: 00289862
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ColorLongWindow
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 259745315-0
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: .)
                                                                                                                                                                                                                • API String ID: 0-3944007330
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,002BF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 002D9717
                                                                                                                                                                                                                • LoadStringW.USER32(00000000,?,002BF7F8,00000001), ref: 002D9720
                                                                                                                                                                                                                  • Part of subcall function 00279CB3: _wcslen.LIBCMT ref: 00279CBD
                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,002BF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 002D9742
                                                                                                                                                                                                                • LoadStringW.USER32(00000000,?,002BF7F8,00000001), ref: 002D9745
                                                                                                                                                                                                                • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 002D9866
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: HandleLoadModuleString$Message_wcslen
                                                                                                                                                                                                                • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                                • API String ID: 747408836-2268648507
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00276B57: _wcslen.LIBCMT ref: 00276B6A
                                                                                                                                                                                                                • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 002D07A2
                                                                                                                                                                                                                • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 002D07BE
                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 002D07DA
                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 002D0804
                                                                                                                                                                                                                • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 002D082C
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 002D0837
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 002D083C
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                                                                                                                                                                • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                                                                                • API String ID: 323675364-22481851
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 0030403B
                                                                                                                                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 00304042
                                                                                                                                                                                                                • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00304055
                                                                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 0030405D
                                                                                                                                                                                                                • GetPixel.GDI32(00000000,00000000,00000000), ref: 00304068
                                                                                                                                                                                                                • DeleteDC.GDI32(00000000), ref: 00304072
                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000EC), ref: 0030407C
                                                                                                                                                                                                                • SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00304092
                                                                                                                                                                                                                • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 0030409E
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                                                                                                                                                                • String ID: static
                                                                                                                                                                                                                • API String ID: 2559357485-2160076837
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 002F3C5C
                                                                                                                                                                                                                • CoInitialize.OLE32(00000000), ref: 002F3C8A
                                                                                                                                                                                                                • CoUninitialize.OLE32 ref: 002F3C94
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002F3D2D
                                                                                                                                                                                                                • GetRunningObjectTable.OLE32(00000000,?), ref: 002F3DB1
                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001,00000029), ref: 002F3ED5
                                                                                                                                                                                                                • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 002F3F0E
                                                                                                                                                                                                                • CoGetObject.OLE32(?,00000000,0030FB98,?), ref: 002F3F2D
                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000000), ref: 002F3F40
                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 002F3FC4
                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 002F3FD8
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CoInitialize.OLE32(00000000), ref: 002E7AF3
                                                                                                                                                                                                                • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 002E7B8F
                                                                                                                                                                                                                • SHGetDesktopFolder.SHELL32(?), ref: 002E7BA3
                                                                                                                                                                                                                • CoCreateInstance.OLE32(0030FD08,00000000,00000001,00336E6C,?), ref: 002E7BEF
                                                                                                                                                                                                                • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 002E7C74
                                                                                                                                                                                                                • CoTaskMemFree.OLE32(?,?), ref: 002E7CCC
                                                                                                                                                                                                                • SHBrowseForFolderW.SHELL32(?), ref: 002E7D57
                                                                                                                                                                                                                • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 002E7D7A
                                                                                                                                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 002E7D81
                                                                                                                                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 002E7DD6
                                                                                                                                                                                                                • CoUninitialize.OLE32 ref: 002E7DDC
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00305504
                                                                                                                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00305515
                                                                                                                                                                                                                • CharNextW.USER32(00000158), ref: 00305544
                                                                                                                                                                                                                • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00305585
                                                                                                                                                                                                                • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0030559B
                                                                                                                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 003055AC
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessageSend$CharNext
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 002CFAAF
                                                                                                                                                                                                                • SafeArrayAllocData.OLEAUT32(?), ref: 002CFB08
                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 002CFB1A
                                                                                                                                                                                                                • SafeArrayAccessData.OLEAUT32(?,?), ref: 002CFB3A
                                                                                                                                                                                                                • VariantCopy.OLEAUT32(?,?), ref: 002CFB8D
                                                                                                                                                                                                                • SafeArrayUnaccessData.OLEAUT32(?), ref: 002CFBA1
                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 002CFBB6
                                                                                                                                                                                                                • SafeArrayDestroyData.OLEAUT32(?), ref: 002CFBC3
                                                                                                                                                                                                                • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 002CFBCC
                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 002CFBDE
                                                                                                                                                                                                                • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 002CFBE9
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetKeyboardState.USER32(?), ref: 002D9CA1
                                                                                                                                                                                                                • GetAsyncKeyState.USER32(000000A0), ref: 002D9D22
                                                                                                                                                                                                                • GetKeyState.USER32(000000A0), ref: 002D9D3D
                                                                                                                                                                                                                • GetAsyncKeyState.USER32(000000A1), ref: 002D9D57
                                                                                                                                                                                                                • GetKeyState.USER32(000000A1), ref: 002D9D6C
                                                                                                                                                                                                                • GetAsyncKeyState.USER32(00000011), ref: 002D9D84
                                                                                                                                                                                                                • GetKeyState.USER32(00000011), ref: 002D9D96
                                                                                                                                                                                                                • GetAsyncKeyState.USER32(00000012), ref: 002D9DAE
                                                                                                                                                                                                                • GetKeyState.USER32(00000012), ref: 002D9DC0
                                                                                                                                                                                                                • GetAsyncKeyState.USER32(0000005B), ref: 002D9DD8
                                                                                                                                                                                                                • GetKeyState.USER32(0000005B), ref: 002D9DEA
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: State$Async$Keyboard
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 541375521-0
                                                                                                                                                                                                                • Opcode ID: 437f138dcb230763cbc096d76720e606ffd6f30dbcbece5194ed44e7d7cd9ddb
                                                                                                                                                                                                                • Instruction ID: 0fe7cf53f526269bd6eed06e2479fadccaa29547890e93c3b778a550bd538820
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 437f138dcb230763cbc096d76720e606ffd6f30dbcbece5194ed44e7d7cd9ddb
                                                                                                                                                                                                                • Instruction Fuzzy Hash: CC41F9345247CB69FF31AF6488043B5BEA16F16304F04805BEAC6563C2DBA59DE4C792
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • WSAStartup.WSOCK32(00000101,?), ref: 002F05BC
                                                                                                                                                                                                                • inet_addr.WSOCK32(?), ref: 002F061C
                                                                                                                                                                                                                • gethostbyname.WSOCK32(?), ref: 002F0628
                                                                                                                                                                                                                • IcmpCreateFile.IPHLPAPI ref: 002F0636
                                                                                                                                                                                                                • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 002F06C6
                                                                                                                                                                                                                • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 002F06E5
                                                                                                                                                                                                                • IcmpCloseHandle.IPHLPAPI(?), ref: 002F07B9
                                                                                                                                                                                                                • WSACleanup.WSOCK32 ref: 002F07BF
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                                                                                                • String ID: Ping
                                                                                                                                                                                                                • API String ID: 1028309954-2246546115
                                                                                                                                                                                                                • Opcode ID: 800e5afe131cf0686cc20517736de70237ec49e3d0e84a33cbf6b973179b0fc4
                                                                                                                                                                                                                • Instruction ID: 59535742cb64ce700e6a9c2be461e35f027ef3a04a076e15d38b1bff809e6ff5
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 800e5afe131cf0686cc20517736de70237ec49e3d0e84a33cbf6b973179b0fc4
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9D918C746282029FD720DF25C4C8F2AFBE4AF44358F1485A9E5698B7A2C770EC51CF91
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _wcslen$BuffCharLower
                                                                                                                                                                                                                • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                                                                                • API String ID: 707087890-567219261
                                                                                                                                                                                                                • Opcode ID: 8fbb8e20a6bdcd6ed22a0892e67c7a6eaeb5bea6fa815b5a9e0d251219b535a0
                                                                                                                                                                                                                • Instruction ID: 0cf49a446231b66bc02fffe74fcc0fddad380772aa82a05c3fa287904ceac8e2
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8fbb8e20a6bdcd6ed22a0892e67c7a6eaeb5bea6fa815b5a9e0d251219b535a0
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 42519232A2451B9BCF14DF68C9518BEF7A5BF657A0B204239F616E7284DB30DD60CB90
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CoInitialize.OLE32 ref: 002F3774
                                                                                                                                                                                                                • CoUninitialize.OLE32 ref: 002F377F
                                                                                                                                                                                                                • CoCreateInstance.OLE32(?,00000000,00000017,0030FB78,?), ref: 002F37D9
                                                                                                                                                                                                                • IIDFromString.OLE32(?,?), ref: 002F384C
                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 002F38E4
                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 002F3936
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                                                                                                                • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                                                                • API String ID: 636576611-1287834457
                                                                                                                                                                                                                • Opcode ID: 5777088cff6fea775ab16ca17042f81d1e0153c0d8cfbb8fa8a85ab393f872f0
                                                                                                                                                                                                                • Instruction ID: 95edfae43b1409aded4ab49e13791058e585a397c77add5bdca0e38ec054114b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5777088cff6fea775ab16ca17042f81d1e0153c0d8cfbb8fa8a85ab393f872f0
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5D61C470628305AFD311EF54C888F6AF7E8EF45790F104929FA859B291C774EE58CB92
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 002E33CF
                                                                                                                                                                                                                  • Part of subcall function 00279CB3: _wcslen.LIBCMT ref: 00279CBD
                                                                                                                                                                                                                • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 002E33F0
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: LoadString$_wcslen
                                                                                                                                                                                                                • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                • API String ID: 4099089115-3080491070
                                                                                                                                                                                                                • Opcode ID: e5a0290df55da3b6e95d42a2dfd6878e5ba7582e7f98c017ef50ac86ffaffb1e
                                                                                                                                                                                                                • Instruction ID: 43809320ccec5ab61287d263224ead051eb723a4ee196a97cf9be9c916f606a1
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e5a0290df55da3b6e95d42a2dfd6878e5ba7582e7f98c017ef50ac86ffaffb1e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7E51A371860609AADF16EBA0CD47DEEB378AF18340F508165F50973192EB312FA8DF61
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 002E53A0
                                                                                                                                                                                                                • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 002E5416
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 002E5420
                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000000,READY), ref: 002E54A7
Memory Dump Source
• Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                                                                                                                • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateMenu.USER32 ref: 00303C79
                                                                                                                                                                                                                • SetMenu.USER32(?,00000000), ref: 00303C88
                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00303D10
                                                                                                                                                                                                                • IsMenu.USER32(?), ref: 00303D24
                                                                                                                                                                                                                • CreatePopupMenu.USER32 ref: 00303D2E
                                                                                                                                                                                                                • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00303D5B
                                                                                                                                                                                                                • DrawMenuBar.USER32 ref: 00303D63
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                                                                                                                                • String ID: 0$F
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00279CB3: _wcslen.LIBCMT ref: 00279CBD
                                                                                                                                                                                                                  • Part of subcall function 002D3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 002D3CCA
                                                                                                                                                                                                                • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 002D1F64
                                                                                                                                                                                                                • GetDlgCtrlID.USER32 ref: 002D1F6F
                                                                                                                                                                                                                • GetParent.USER32 ref: 002D1F8B
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 002D1F8E
                                                                                                                                                                                                                • GetDlgCtrlID.USER32(?), ref: 002D1F97
                                                                                                                                                                                                                • GetParent.USER32(?), ref: 002D1FAB
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 002D1FAE
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00303A9D
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00303AA0
                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00303AC7
                                                                                                                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00303AEA
                                                                                                                                                                                                                • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00303B62
                                                                                                                                                                                                                • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00303BAC
                                                                                                                                                                                                                • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00303BC7
                                                                                                                                                                                                                • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00303BE2
                                                                                                                                                                                                                • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00303BF6
                                                                                                                                                                                                                • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00303C13
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessageSend$LongWindow
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 002DB151
                                                                                                                                                                                                                • GetForegroundWindow.USER32(00000000,?,?,?,?,?,002DA1E1,?,00000001), ref: 002DB165
                                                                                                                                                                                                                • GetWindowThreadProcessId.USER32(00000000), ref: 002DB16C
                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,002DA1E1,?,00000001), ref: 002DB17B
                                                                                                                                                                                                                • GetWindowThreadProcessId.USER32(?,00000000), ref: 002DB18D
                                                                                                                                                                                                                • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,002DA1E1,?,00000001), ref: 002DB1A6
                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,002DA1E1,?,00000001), ref: 002DB1B8
                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,002DA1E1,?,00000001), ref: 002DB1FD
                                                                                                                                                                                                                • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,002DA1E1,?,00000001), ref: 002DB212
                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,002DA1E1,?,00000001), ref: 002DB21D
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2156557900-0
                                                                                                                                                                                                                • Opcode ID: e6b4b17e505fb7131dd424fa2c1ee6670de1aefd8bcf15e01cdaf99a9c5ca37b
                                                                                                                                                                                                                • Instruction ID: 2fcab0cb8a426342a39ca788579b98da010b9e9a43351da865ed6e897f587ca8
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e6b4b17e505fb7131dd424fa2c1ee6670de1aefd8bcf15e01cdaf99a9c5ca37b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9531A276520205EFDB239F24ECA8BAD7B7DBB51355F154206F905DB250DBB4AD008F60
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _free.LIBCMT ref: 002A2C94
                                                                                                                                                                                                                  • Part of subcall function 002A29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,002AD7D1,00000000,00000000,00000000,00000000,?,002AD7F8,00000000,00000007,00000000,?,002ADBF5,00000000), ref: 002A29DE
                                                                                                                                                                                                                  • Part of subcall function 002A29C8: GetLastError.KERNEL32(00000000,?,002AD7D1,00000000,00000000,00000000,00000000,?,002AD7F8,00000000,00000007,00000000,?,002ADBF5,00000000,00000000), ref: 002A29F0
                                                                                                                                                                                                                • _free.LIBCMT ref: 002A2CA0
                                                                                                                                                                                                                • _free.LIBCMT ref: 002A2CAB
                                                                                                                                                                                                                • _free.LIBCMT ref: 002A2CB6
                                                                                                                                                                                                                • _free.LIBCMT ref: 002A2CC1
                                                                                                                                                                                                                • _free.LIBCMT ref: 002A2CCC
                                                                                                                                                                                                                • _free.LIBCMT ref: 002A2CD7
                                                                                                                                                                                                                • _free.LIBCMT ref: 002A2CE2
                                                                                                                                                                                                                • _free.LIBCMT ref: 002A2CED
                                                                                                                                                                                                                • _free.LIBCMT ref: 002A2CFB
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 776569668-0
                                                                                                                                                                                                                • Opcode ID: 6c16aee64c9fe2dc49047d10b3a65a1c840b69de00f32ae85e07f4f8e1ee2930
                                                                                                                                                                                                                • Instruction ID: 03891fc01c4006a5e98a72c72062acfa577b5fcf5ea03cf7e1f9b02a929327c1
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6c16aee64c9fe2dc49047d10b3a65a1c840b69de00f32ae85e07f4f8e1ee2930
                                                                                                                                                                                                                • Instruction Fuzzy Hash: DA110736120009EFCB42EF58D842CDE3BA5FF06750F5154A0FA485F222DA31EE649F91
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 002E7FAD
                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 002E7FC1
                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(?), ref: 002E7FEB
                                                                                                                                                                                                                • SetFileAttributesW.KERNEL32(?,00000000), ref: 002E8005
                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 002E8017
                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 002E8060
                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 002E80B0
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CurrentDirectory$AttributesFile
                                                                                                                                                                                                                • String ID: *.*
                                                                                                                                                                                                                • API String ID: 769691225-438819550
                                                                                                                                                                                                                • Opcode ID: 648d88c4c2243d91fa54f06ab8612d9d90b6bda553998478bb6d89a481a2f553
                                                                                                                                                                                                                • Instruction ID: 5e9d9bdcb96f8ce6a30625a54a4d8b69e1dbc0ec70e3622115ad3cdc88ffb2ee
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 648d88c4c2243d91fa54f06ab8612d9d90b6bda553998478bb6d89a481a2f553
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6E81D4715682829BCB20EF16C4409AEB3D8FF89310F984C5EF889D7250EB74DD65CB52
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000EB), ref: 00275C7A
                                                                                                                                                                                                                  • Part of subcall function 00275D0A: GetClientRect.USER32(?,?), ref: 00275D30
                                                                                                                                                                                                                  • Part of subcall function 00275D0A: GetWindowRect.USER32(?,?), ref: 00275D71
                                                                                                                                                                                                                  • Part of subcall function 00275D0A: ScreenToClient.USER32(?,?), ref: 00275D99
                                                                                                                                                                                                                • GetDC.USER32 ref: 002B46F5
                                                                                                                                                                                                                • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 002B4708
                                                                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 002B4716
                                                                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 002B472B
                                                                                                                                                                                                                • ReleaseDC.USER32(?,00000000), ref: 002B4733
                                                                                                                                                                                                                • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 002B47C4
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                                                                                                                • String ID: U
                                                                                                                                                                                                                • API String ID: 4009187628-3372436214
                                                                                                                                                                                                                • Opcode ID: a5fbc7d0373c010f1728e442c43ba2eb6a647198e5056f9db20a2d2c94fd7300
                                                                                                                                                                                                                • Instruction ID: 0651aa22cf05bb6b08f1ffb97b88fc85129847313a6473c29353641372684f79
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a5fbc7d0373c010f1728e442c43ba2eb6a647198e5056f9db20a2d2c94fd7300
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 46710330420206DFCF229F64C9C4AEABBB9FF4A390F14422AE9555A1A7CB719861DF50
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 002E35E4
                                                                                                                                                                                                                  • Part of subcall function 00279CB3: _wcslen.LIBCMT ref: 00279CBD
                                                                                                                                                                                                                • LoadStringW.USER32(00342390,?,00000FFF,?), ref: 002E360A
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: LoadString$_wcslen
                                                                                                                                                                                                                • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                • API String ID: 4099089115-2391861430
                                                                                                                                                                                                                • Opcode ID: 430bddb8f3c8ad634effc5b3633fd37b0de3205d8e9080dbcc9bee1bfdfdb1c9
                                                                                                                                                                                                                • Instruction ID: 7376bd00e80d616311903a3ab0cad2826d3cb4ebe9238038b9aec5e93ef9a7a1
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 430bddb8f3c8ad634effc5b3633fd37b0de3205d8e9080dbcc9bee1bfdfdb1c9
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0A518171860249BACF15EFA0CC56EEDBB78AF14301F548165F109721A1DB302AE8DFA1
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 002EC272
                                                                                                                                                                                                                • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 002EC29A
                                                                                                                                                                                                                • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 002EC2CA
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 002EC322
                                                                                                                                                                                                                • SetEvent.KERNEL32(?), ref: 002EC336
                                                                                                                                                                                                                • InternetCloseHandle.WININET(00000000), ref: 002EC341
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3113390036-3916222277
                                                                                                                                                                                                                • Opcode ID: b9974e53143a36e949bf52af2bbaed5408be10242bf7f6bb20f25ffd4d636f50
                                                                                                                                                                                                                • Instruction ID: 91fca34ee02f72237fed1d3c9f372ad273f5162d91b5a6b30c2fb9baaa9f9f9e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b9974e53143a36e949bf52af2bbaed5408be10242bf7f6bb20f25ffd4d636f50
                                                                                                                                                                                                                • Instruction Fuzzy Hash: B531A271560244AFD7219FA6CC98A6B7BFCEB49740F64851EF446D3200DB30DD168B60
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,002B3AAF,?,?,Bad directive syntax error,0030CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 002D98BC
                                                                                                                                                                                                                • LoadStringW.USER32(00000000,?,002B3AAF,?), ref: 002D98C3
                                                                                                                                                                                                                  • Part of subcall function 00279CB3: _wcslen.LIBCMT ref: 00279CBD
                                                                                                                                                                                                                • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 002D9987
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: HandleLoadMessageModuleString_wcslen
                                                                                                                                                                                                                • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                                                                                                • API String ID: 858772685-4153970271
                                                                                                                                                                                                                • Opcode ID: 3cd5475084079d08da42ceec39d83a119baef65c0f4559ed8adb3163758f832b
                                                                                                                                                                                                                • Instruction ID: 7004f49a0507b89634f05c18b5a18a96a3015cc36ce299492d152477e24f8ee9
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3cd5475084079d08da42ceec39d83a119baef65c0f4559ed8adb3163758f832b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7E216F3182021ABBCF16EF90CC56EED7739BF18304F04845AF519660A2DA719AA8DF51
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetParent.USER32 ref: 002D20AB
                                                                                                                                                                                                                • GetClassNameW.USER32(00000000,?,00000100), ref: 002D20C0
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 002D214D
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ClassMessageNameParentSend
                                                                                                                                                                                                                • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                                                                                • API String ID: 1290815626-3381328864
                                                                                                                                                                                                                • Opcode ID: d8048b8bd7d002ce43346916b7735fffa24b2c53188934a1eb602b0fe3db46dc
                                                                                                                                                                                                                • Instruction ID: 5d21df02be84caac787e8da94c7ce82f6589f10f643e88f97cb2922bd7c34a47
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d8048b8bd7d002ce43346916b7735fffa24b2c53188934a1eb602b0fe3db46dc
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7F113A766B4307F9FA122620DC17DE6739CDF24324F204217FB08A51D2EEA19C2A5A14
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1282221369-0
                                                                                                                                                                                                                • Opcode ID: 3161f7efb9e35e1dec6b450d09611d58125a538a5bd6e80bac8c8e016a4a36e9
                                                                                                                                                                                                                • Instruction ID: 8d94f34b9d57aa098beeaa35113eb845d82066ad92988a49d2f8d5308a660512
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3161f7efb9e35e1dec6b450d09611d58125a538a5bd6e80bac8c8e016a4a36e9
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 72617F72E24302EFDF25AFB8988166A7B99DF03310F24416FFA55D7641DE319D248B90
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00305186
                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000), ref: 003051C7
                                                                                                                                                                                                                • ShowWindow.USER32(?,00000005,?,00000000), ref: 003051CD
                                                                                                                                                                                                                • SetFocus.USER32(?,?,00000005,?,00000000), ref: 003051D1
                                                                                                                                                                                                                  • Part of subcall function 00306FBA: DeleteObject.GDI32(00000000), ref: 00306FE6
                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 0030520D
                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0030521A
                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0030524D
                                                                                                                                                                                                                • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00305287
                                                                                                                                                                                                                • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00305296
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3210457359-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 002C6890
                                                                                                                                                                                                                • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 002C68A9
                                                                                                                                                                                                                • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 002C68B9
                                                                                                                                                                                                                • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 002C68D1
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 002C68F2
                                                                                                                                                                                                                • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00288874,00000000,00000000,00000000,000000FF,00000000), ref: 002C6901
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 002C691E
                                                                                                                                                                                                                • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00288874,00000000,00000000,00000000,000000FF,00000000), ref: 002C692D
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1268354404-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 002EC182
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 002EC195
                                                                                                                                                                                                                • SetEvent.KERNEL32(?), ref: 002EC1A9
                                                                                                                                                                                                                  • Part of subcall function 002EC253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 002EC272
                                                                                                                                                                                                                  • Part of subcall function 002EC253: GetLastError.KERNEL32 ref: 002EC322
                                                                                                                                                                                                                  • Part of subcall function 002EC253: SetEvent.KERNEL32(?), ref: 002EC336
                                                                                                                                                                                                                  • Part of subcall function 002EC253: InternetCloseHandle.WININET(00000000), ref: 002EC341
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 337547030-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 002D3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 002D3A57
                                                                                                                                                                                                                  • Part of subcall function 002D3A3D: GetCurrentThreadId.KERNEL32 ref: 002D3A5E
                                                                                                                                                                                                                  • Part of subcall function 002D3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,002D25B3), ref: 002D3A65
                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 002D25BD
                                                                                                                                                                                                                • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 002D25DB
                                                                                                                                                                                                                • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 002D25DF
                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 002D25E9
                                                                                                                                                                                                                • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 002D2601
                                                                                                                                                                                                                • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 002D2605
                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 002D260F
                                                                                                                                                                                                                • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 002D2623
                                                                                                                                                                                                                • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 002D2627
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2014098862-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,002D1449,?,?,00000000), ref: 002D180C
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,002D1449,?,?,00000000), ref: 002D1813
                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,002D1449,?,?,00000000), ref: 002D1828
                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(?,00000000,?,002D1449,?,?,00000000), ref: 002D1830
                                                                                                                                                                                                                • DuplicateHandle.KERNEL32(00000000,?,002D1449,?,?,00000000), ref: 002D1833
                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,002D1449,?,?,00000000), ref: 002D1843
                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(002D1449,00000000,?,002D1449,?,?,00000000), ref: 002D184B
                                                                                                                                                                                                                • DuplicateHandle.KERNEL32(00000000,?,002D1449,?,?,00000000), ref: 002D184E
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,002D1874,00000000,00000000,00000000), ref: 002D1868
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1957940570-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                • String ID: }})$}})$}})
                                                                                                                                                                                                                • API String ID: 1036877536-1398818392
                                                                                                                                                                                                                • Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                                                                                                                                                                • Instruction ID: 3c06a7ee2dea2497584bedd60b0eedbdb475372c3182f0075268f93b678b66f5
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3EA16771D303879FEB15DE18C8917AABBE4EFA3350F1441ADE5859B281CAB4C9A1CB50
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 002DD4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 002DD501
                                                                                                                                                                                                                  • Part of subcall function 002DD4DC: Process32FirstW.KERNEL32(00000000,?), ref: 002DD50F
                                                                                                                                                                                                                  • Part of subcall function 002DD4DC: CloseHandle.KERNELBASE(00000000), ref: 002DD5DC
                                                                                                                                                                                                                • OpenProcess.KERNEL32(00000001,00000000,?), ref: 002FA16D
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 002FA180
                                                                                                                                                                                                                • OpenProcess.KERNEL32(00000001,00000000,?), ref: 002FA1B3
                                                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000,00000000), ref: 002FA268
                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000), ref: 002FA273
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 002FA2C4
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                                                                                • String ID: SeDebugPrivilege
                                                                                                                                                                                                                • API String ID: 2533919879-2896544425
                                                                                                                                                                                                                • Opcode ID: a1627f10b6472561fca891c3d0a30495b8ecef3f7076800489bb7d82ffe6e695
                                                                                                                                                                                                                • Instruction ID: 63497face34fd2ae0893a8b8c23943c2c0c5df6fd30a2db757945135c3838662
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a1627f10b6472561fca891c3d0a30495b8ecef3f7076800489bb7d82ffe6e695
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7561BE702242429FD320DF18C494F2ABBE5AF44358F14849DE96A4BBA3C772EC55CB92
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00303925
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 0030393A
                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00303954
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00303999
                                                                                                                                                                                                                • SendMessageW.USER32(?,00001057,00000000,?), ref: 003039C6
                                                                                                                                                                                                                • SendMessageW.USER32(?,00001061,?,0000000F), ref: 003039F4
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessageSend$Window_wcslen
                                                                                                                                                                                                                • String ID: SysListView32
                                                                                                                                                                                                                • API String ID: 2147712094-78025650
                                                                                                                                                                                                                • Opcode ID: e5b0e12b56cc1fbfc51b331e4af70b8ecf45bd3d108b30f356e82d05af798990
                                                                                                                                                                                                                • Instruction ID: 405b2b3ae01dbb9344a71325fd5df3626b0ef336bd1b64e8208fccf6da68b8f9
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e5b0e12b56cc1fbfc51b331e4af70b8ecf45bd3d108b30f356e82d05af798990
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A341A071A01218ABEF229F64CC59BEA7BADFF08350F110526F958E72C1D7719A94CB90
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 002DBCFD
                                                                                                                                                                                                                • IsMenu.USER32(00000000), ref: 002DBD1D
                                                                                                                                                                                                                • CreatePopupMenu.USER32 ref: 002DBD53
                                                                                                                                                                                                                • GetMenuItemCount.USER32(01596400), ref: 002DBDA4
                                                                                                                                                                                                                • InsertMenuItemW.USER32(01596400,?,00000001,00000030), ref: 002DBDCC
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                                                                                                                • String ID: 0$2
                                                                                                                                                                                                                • API String ID: 93392585-3793063076
                                                                                                                                                                                                                • Opcode ID: c0ff33342cccf8eb1fee98ace206e4430c558a696a12796c9c0633c88bd73833
                                                                                                                                                                                                                • Instruction ID: 61d38e73595156ae1a1e9b2d148dc83e2eadffb0a434ce76f71017cd07c9b8cc
                                                                                                                                                                                                                • Opcode Fuzzy Hash: c0ff33342cccf8eb1fee98ace206e4430c558a696a12796c9c0633c88bd73833
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6C51A070620206DBDF12CFA8D8A8BADBBFAAF49314F15425BE441973D0D7709D54CB51
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00292D4B
                                                                                                                                                                                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 00292D53
                                                                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00292DE1
                                                                                                                                                                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 00292E0C
                                                                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00292E61
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                • String ID: &H)$csm
                                                                                                                                                                                                                • API String ID: 1170836740-2485517538
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LoadIconW.USER32(00000000,00007F03), ref: 002DC913
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: IconLoad
                                                                                                                                                                                                                • String ID: blank$info$question$stop$warning
                                                                                                                                                                                                                • API String ID: 2457776203-404129466
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                                                                                                                • String ID: 0.0.0.0
                                                                                                                                                                                                                • API String ID: 642191829-3771769585
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00289BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00289BB2
                                                                                                                                                                                                                • GetSystemMetrics.USER32(0000000F), ref: 00309FC7
                                                                                                                                                                                                                • GetSystemMetrics.USER32(0000000F), ref: 00309FE7
                                                                                                                                                                                                                • MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 0030A224
                                                                                                                                                                                                                • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 0030A242
                                                                                                                                                                                                                • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 0030A263
                                                                                                                                                                                                                • ShowWindow.USER32(00000003,00000000), ref: 0030A282
                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 0030A2A7
                                                                                                                                                                                                                • DefDlgProcW.USER32(?,00000005,?,?), ref: 0030A2CA
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1211466189-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _wcslen$LocalTime
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 952045576-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,002C682C,00000004,00000000,00000000), ref: 0028F953
                                                                                                                                                                                                                • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,002C682C,00000004,00000000,00000000), ref: 002CF3D1
                                                                                                                                                                                                                • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,002C682C,00000004,00000000,00000000), ref: 002CF454
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ShowWindow
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1268545403-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00302D1B
                                                                                                                                                                                                                • GetDC.USER32(00000000), ref: 00302D23
                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00302D2E
                                                                                                                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 00302D3A
                                                                                                                                                                                                                • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00302D76
                                                                                                                                                                                                                • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00302D87
                                                                                                                                                                                                                • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00305A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00302DC2
                                                                                                                                                                                                                • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00302DE1
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3864802216-0
                                                                                                                                                                                                                • Opcode ID: ca998e27360e2585421bbd3dcbf1b010df1d20ca47893fb60244d19a25e64d4b
                                                                                                                                                                                                                • Instruction ID: e3cfe540d3d2157fac74739a849fe1f49cea404a1bfd773b132366fc76f9c10e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ca998e27360e2585421bbd3dcbf1b010df1d20ca47893fb60244d19a25e64d4b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 34319F72212214BFEB224F50CC99FEB7BADEF09711F044156FE089A2D1C6759C41C7A4
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _memcmp
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2931989736-0
                                                                                                                                                                                                                • Opcode ID: fd7a4f263b640c3350814a819fd2f7d2d9560931851136cba66e0182ca341df5
                                                                                                                                                                                                                • Instruction ID: b19f55ff34c0934cd4cfc1e0068f2ccab0f4e857a5ba083e8ae16398853af4cc
                                                                                                                                                                                                                • Opcode Fuzzy Hash: fd7a4f263b640c3350814a819fd2f7d2d9560931851136cba66e0182ca341df5
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0C21AA61675A2ABBE61999118D92FFB736CAF10384F540022FD045AB85F7E0ED3089E9
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                                                                • API String ID: 0-572801152
                                                                                                                                                                                                                • Opcode ID: 81e9505b1da6e204ec01dd9353c3ca7cc2a8b5c1b3697ab2a9e988333b912d4b
                                                                                                                                                                                                                • Instruction ID: cc6f125051cd7b127a1343b0cd6089f4e0f6d9067f47d27dc4fd004eab539ffe
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 81e9505b1da6e204ec01dd9353c3ca7cc2a8b5c1b3697ab2a9e988333b912d4b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E4D18071A1061EAFDB10CF98C881BBEB7B5BF48384F148179EA15AB281E770ED55CB50
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetCPInfo.KERNEL32(?,?), ref: 002B15CE
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 002B1651
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 002B16E4
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 002B16FB
                                                                                                                                                                                                                  • Part of subcall function 002A3820: RtlAllocateHeap.NTDLL(00000000,?,00341444,?,0028FDF5,?,?,0027A976,00000010,00341440,002713FC,?,002713C6,?,00271129), ref: 002A3852
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 002B1777
                                                                                                                                                                                                                • __freea.LIBCMT ref: 002B17A2
                                                                                                                                                                                                                • __freea.LIBCMT ref: 002B17AE
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2829977744-0
                                                                                                                                                                                                                • Opcode ID: 237090da5f2295072ea2c1117ea7c480f8e28edc7787bbff3294766bfb53379b
                                                                                                                                                                                                                • Instruction ID: 71bac2b15d11f0ec59857443744887966c076261dceca9a77c0efa99753e730e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 237090da5f2295072ea2c1117ea7c480f8e28edc7787bbff3294766bfb53379b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2191D771E302069BDF208E64CCA1AEEBBB99F49390F980659E811E7180DB35DC70CB60
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Variant$ClearInit
                                                                                                                                                                                                                • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                                                                • API String ID: 2610073882-625585964
                                                                                                                                                                                                                • Opcode ID: a3c9f6f99b4fc7e3cbc641329a901eb1dcaafcfc1acb686a18c83a2061d917eb
                                                                                                                                                                                                                • Instruction ID: 1ad14c841096fc777053445db79587756a70ce6e160578b9706aae80dcf1ea04
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a3c9f6f99b4fc7e3cbc641329a901eb1dcaafcfc1acb686a18c83a2061d917eb
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A691A271A10219ABDF24EFA5C884FBFF7B8AF45750F108129F605AB280D7B09951CF90
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 002E125C
                                                                                                                                                                                                                • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 002E1284
                                                                                                                                                                                                                • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 002E12A8
                                                                                                                                                                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 002E12D8
                                                                                                                                                                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 002E135F
                                                                                                                                                                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 002E13C4
                                                                                                                                                                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 002E1430
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2550207440-0
                                                                                                                                                                                                                • Opcode ID: 703d1dc8dc033b5b269ac77a1555309401bdec535fa5a53bc5098eb29a37e396
                                                                                                                                                                                                                • Instruction ID: b076b878ebcddd6d0a4ca7347bca32ff8b4aca4704ac868acff0732a0c594102
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 703d1dc8dc033b5b269ac77a1555309401bdec535fa5a53bc5098eb29a37e396
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4D911271A602599FEB01DFA6C884BBE77B5FF45314F50403AEA00EB291D774A961CF90
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3225163088-0
                                                                                                                                                                                                                • Opcode ID: 8c3116393660997ddf1b448fd47315b1d3618e4d96a16dbd132fcf22a968910d
                                                                                                                                                                                                                • Instruction ID: 6d1394cc21f87243c665080cd07586aa4f1327a1ad4982d114f4e95195db3b5b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8c3116393660997ddf1b448fd47315b1d3618e4d96a16dbd132fcf22a968910d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: CA914875911219EFCB10DFA9CC44AEEBBB8FF49320F188149E511B7291D278A991CF60
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 002F396B
                                                                                                                                                                                                                • CharUpperBuffW.USER32(?,?), ref: 002F3A7A
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002F3A8A
                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 002F3C1F
                                                                                                                                                                                                                  • Part of subcall function 002E0CDF: VariantInit.OLEAUT32(00000000), ref: 002E0D1F
                                                                                                                                                                                                                  • Part of subcall function 002E0CDF: VariantCopy.OLEAUT32(?,?), ref: 002E0D28
                                                                                                                                                                                                                  • Part of subcall function 002E0CDF: VariantClear.OLEAUT32(?), ref: 002E0D34
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                                                                                                                                                • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                                                                                                • API String ID: 4137639002-1221869570
                                                                                                                                                                                                                • Opcode ID: 15160d002b875ee1a7bdb48a009353fe4d807e2b8d936fc0d552a1e74f4706aa
                                                                                                                                                                                                                • Instruction ID: f467839396f921d42b973bbb984df56fd08e400a5e82770eb29b6c6985ee4516
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 15160d002b875ee1a7bdb48a009353fe4d807e2b8d936fc0d552a1e74f4706aa
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 789176746283099FC700EF24C49186AB7E4BF88354F14892EF98A9B351DB30EE55CF92
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 002D000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,002CFF41,80070057,?,?,?,002D035E), ref: 002D002B
                                                                                                                                                                                                                  • Part of subcall function 002D000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,002CFF41,80070057,?,?), ref: 002D0046
                                                                                                                                                                                                                  • Part of subcall function 002D000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,002CFF41,80070057,?,?), ref: 002D0054
                                                                                                                                                                                                                  • Part of subcall function 002D000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,002CFF41,80070057,?), ref: 002D0064
                                                                                                                                                                                                                • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 002F4C51
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002F4D59
                                                                                                                                                                                                                • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 002F4DCF
                                                                                                                                                                                                                • CoTaskMemFree.OLE32(?), ref: 002F4DDA
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                                                                                                                                                                • String ID: NULL Pointer assignment
                                                                                                                                                                                                                • API String ID: 614568839-2785691316
                                                                                                                                                                                                                • Opcode ID: 8f4e6ec7069cf4b3f55d3c8a47f90bcc3477f83a634ed73228eec39509a2a6cf
                                                                                                                                                                                                                • Instruction ID: d42559bedcd724b8609478a01003dcb427dec8f50369f5155787129d7e65ad0d
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8f4e6ec7069cf4b3f55d3c8a47f90bcc3477f83a634ed73228eec39509a2a6cf
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0F912871D1021DEFDF14EFA4C891AEEB7B8BF08350F10816AE919A7251EB709A54CF60
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetMenu.USER32(?), ref: 00302183
                                                                                                                                                                                                                • GetMenuItemCount.USER32(00000000), ref: 003021B5
                                                                                                                                                                                                                • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 003021DD
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00302213
                                                                                                                                                                                                                • GetMenuItemID.USER32(?,?), ref: 0030224D
                                                                                                                                                                                                                • GetSubMenu.USER32(?,?), ref: 0030225B
                                                                                                                                                                                                                  • Part of subcall function 002D3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 002D3A57
                                                                                                                                                                                                                  • Part of subcall function 002D3A3D: GetCurrentThreadId.KERNEL32 ref: 002D3A5E
                                                                                                                                                                                                                  • Part of subcall function 002D3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,002D25B3), ref: 002D3A65
                                                                                                                                                                                                                • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 003022E3
                                                                                                                                                                                                                  • Part of subcall function 002DE97B: Sleep.KERNEL32 ref: 002DE9F3
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4196846111-0
                                                                                                                                                                                                                • Opcode ID: 9e52f149e0609b318efc63dec7480888aec518431e19a691cf2355736824639b
                                                                                                                                                                                                                • Instruction ID: 1e67450f4ee4a22e0609e3a67285b47321c743373279e5b44b0d07a44bce4c02
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9e52f149e0609b318efc63dec7480888aec518431e19a691cf2355736824639b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: BB71B035A01205AFCB16EFA4C859AAEB7F9EF48310F118459E816EB391DB34ED418F90
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • IsWindow.USER32(015965E0), ref: 00307F37
                                                                                                                                                                                                                • IsWindowEnabled.USER32(015965E0), ref: 00307F43
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 0030801E
                                                                                                                                                                                                                • SendMessageW.USER32(015965E0,000000B0,?,?), ref: 00308051
                                                                                                                                                                                                                • IsDlgButtonChecked.USER32(?,?), ref: 00308089
                                                                                                                                                                                                                • GetWindowLongW.USER32(015965E0,000000EC), ref: 003080AB
                                                                                                                                                                                                                • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 003080C3
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4072528602-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetParent.USER32(?), ref: 002DAEF9
                                                                                                                                                                                                                • GetKeyboardState.USER32(?), ref: 002DAF0E
                                                                                                                                                                                                                • SetKeyboardState.USER32(?), ref: 002DAF6F
                                                                                                                                                                                                                • PostMessageW.USER32(?,00000101,00000010,?), ref: 002DAF9D
                                                                                                                                                                                                                • PostMessageW.USER32(?,00000101,00000011,?), ref: 002DAFBC
                                                                                                                                                                                                                • PostMessageW.USER32(?,00000101,00000012,?), ref: 002DAFFD
                                                                                                                                                                                                                • PostMessageW.USER32(?,00000101,0000005B,?), ref: 002DB020
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 87235514-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetParent.USER32(00000000), ref: 002DAD19
                                                                                                                                                                                                                • GetKeyboardState.USER32(?), ref: 002DAD2E
                                                                                                                                                                                                                • SetKeyboardState.USER32(?), ref: 002DAD8F
                                                                                                                                                                                                                • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 002DADBB
                                                                                                                                                                                                                • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 002DADD8
                                                                                                                                                                                                                • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 002DAE17
                                                                                                                                                                                                                • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 002DAE38
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 87235514-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetConsoleCP.KERNEL32(002B3CD6,?,?,?,?,?,?,?,?,002A5BA3,?,?,002B3CD6,?,?), ref: 002A5470
                                                                                                                                                                                                                • __fassign.LIBCMT ref: 002A54EB
                                                                                                                                                                                                                • __fassign.LIBCMT ref: 002A5506
                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,002B3CD6,00000005,00000000,00000000), ref: 002A552C
                                                                                                                                                                                                                • WriteFile.KERNEL32(?,002B3CD6,00000000,002A5BA3,00000000,?,?,?,?,?,?,?,?,?,002A5BA3,?), ref: 002A554B
                                                                                                                                                                                                                • WriteFile.KERNEL32(?,?,00000001,002A5BA3,00000000,?,?,?,?,?,?,?,?,?,002A5BA3,?), ref: 002A5584
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1324828854-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 002F304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 002F307A
                                                                                                                                                                                                                  • Part of subcall function 002F304E: _wcslen.LIBCMT ref: 002F309B
                                                                                                                                                                                                                • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 002F1112
                                                                                                                                                                                                                • WSAGetLastError.WSOCK32 ref: 002F1121
                                                                                                                                                                                                                • WSAGetLastError.WSOCK32 ref: 002F11C9
                                                                                                                                                                                                                • closesocket.WSOCK32(00000000), ref: 002F11F9
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2675159561-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 002DDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,002DCF22,?), ref: 002DDDFD
                                                                                                                                                                                                                  • Part of subcall function 002DDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,002DCF22,?), ref: 002DDE16
                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(?,?), ref: 002DCF45
                                                                                                                                                                                                                • MoveFileW.KERNEL32(?,?), ref: 002DCF7F
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002DD005
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002DD01B
                                                                                                                                                                                                                • SHFileOperationW.SHELL32(?), ref: 002DD061
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                                                                                                                                                                • String ID: \*.*
                                                                                                                                                                                                                • API String ID: 3164238972-1173974218
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00302E1C
                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00302E4F
                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00302E84
                                                                                                                                                                                                                • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00302EB6
                                                                                                                                                                                                                • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00302EE0
                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00302EF1
                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00302F0B
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: LongWindow$MessageSend
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2178440468-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 002D7769
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 002D778F
                                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 002D7792
                                                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 002D77B0
                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 002D77B9
                                                                                                                                                                                                                • StringFromGUID2.OLE32(?,?,00000028), ref: 002D77DE
                                                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 002D77EC
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3761583154-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 002D7842
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 002D7868
                                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 002D786B
                                                                                                                                                                                                                • SysAllocString.OLEAUT32 ref: 002D788C
                                                                                                                                                                                                                • SysFreeString.OLEAUT32 ref: 002D7895
                                                                                                                                                                                                                • StringFromGUID2.OLE32(?,?,00000028), ref: 002D78AF
                                                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 002D78BD
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3761583154-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetStdHandle.KERNEL32(0000000C), ref: 002E04F2
                                                                                                                                                                                                                • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 002E052E
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CreateHandlePipe
                                                                                                                                                                                                                • String ID: nul
                                                                                                                                                                                                                • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                • Opcode ID: e3f18bd39d7328d51465b7a2bb4cfe06f32110fb86b9b3cb0c0140ae03d3a4f5
                                                                                                                                                                                                                • Instruction ID: df373b5aa13fa84d1097675913633550224f6f81bbb3633e232eb05e1ed9f872
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e3f18bd39d7328d51465b7a2bb4cfe06f32110fb86b9b3cb0c0140ae03d3a4f5
                                                                                                                                                                                                                • Instruction Fuzzy Hash: FD2185755503469FDF204F2ADC84A5A77B8BF45724FE04A19F8A1D61D0D7B0D9A1CF20
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetStdHandle.KERNEL32(000000F6), ref: 002E05C6
                                                                                                                                                                                                                • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 002E0601
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CreateHandlePipe
                                                                                                                                                                                                                • String ID: nul
                                                                                                                                                                                                                • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                • Opcode ID: 364ddc7037b10bb7a0d5fbd7b3635f21e073089c22bcca9be45745874a6c0f2c
                                                                                                                                                                                                                • Instruction ID: c7c0eb8293fa08502318833fb65eb4fd69af935767759ce82e3efa3aa5b2c062
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 364ddc7037b10bb7a0d5fbd7b3635f21e073089c22bcca9be45745874a6c0f2c
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 222196755503469BDB204F6ADC84B5A77ACBF85720F600B19E8A1E32D0D7F098B2CB10
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 0027600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0027604C
                                                                                                                                                                                                                  • Part of subcall function 0027600E: GetStockObject.GDI32(00000011), ref: 00276060
                                                                                                                                                                                                                  • Part of subcall function 0027600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0027606A
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00304112
                                                                                                                                                                                                                • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0030411F
                                                                                                                                                                                                                • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0030412A
                                                                                                                                                                                                                • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00304139
                                                                                                                                                                                                                • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00304145
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                                                                • String ID: Msctls_Progress32
                                                                                                                                                                                                                • API String ID: 1025951953-3636473452
                                                                                                                                                                                                                • Opcode ID: f0f9942f05a02948fc780acc1cfb2d06a9f17e25af92cc7800fb2f564982a6ba
                                                                                                                                                                                                                • Instruction ID: ef1d524de544deb93cf2f5373935f0a0384ff4b9377793182f5735ee6bf13cf3
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f0f9942f05a02948fc780acc1cfb2d06a9f17e25af92cc7800fb2f564982a6ba
                                                                                                                                                                                                                • Instruction Fuzzy Hash: AB11B2B215021DBEEF228F64CC85EE77F6DEF08798F014111FB18A6190CA729C61DBA4
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 002AD7A3: _free.LIBCMT ref: 002AD7CC
                                                                                                                                                                                                                • _free.LIBCMT ref: 002AD82D
                                                                                                                                                                                                                  • Part of subcall function 002A29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,002AD7D1,00000000,00000000,00000000,00000000,?,002AD7F8,00000000,00000007,00000000,?,002ADBF5,00000000), ref: 002A29DE
                                                                                                                                                                                                                  • Part of subcall function 002A29C8: GetLastError.KERNEL32(00000000,?,002AD7D1,00000000,00000000,00000000,00000000,?,002AD7F8,00000000,00000007,00000000,?,002ADBF5,00000000,00000000), ref: 002A29F0
                                                                                                                                                                                                                • _free.LIBCMT ref: 002AD838
                                                                                                                                                                                                                • _free.LIBCMT ref: 002AD843
                                                                                                                                                                                                                • _free.LIBCMT ref: 002AD897
                                                                                                                                                                                                                • _free.LIBCMT ref: 002AD8A2
                                                                                                                                                                                                                • _free.LIBCMT ref: 002AD8AD
                                                                                                                                                                                                                • _free.LIBCMT ref: 002AD8B8
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 776569668-0
                                                                                                                                                                                                                • Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                                                                                                                                                                                • Instruction ID: 936f01647e391b49b6b2344740204c39d0ccb1f32c9005dcb40d6594129d6369
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 13115171560B04EBD521BFB0CC47FCBBBDC6F02700F400825B29AA68A2DE65B5254E51
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 002DDA74
                                                                                                                                                                                                                • LoadStringW.USER32(00000000), ref: 002DDA7B
                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 002DDA91
                                                                                                                                                                                                                • LoadStringW.USER32(00000000), ref: 002DDA98
                                                                                                                                                                                                                • MessageBoxW.USER32(00000000,?,?,00011010), ref: 002DDADC
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • %s (%d) : ==> %s: %s %s, xrefs: 002DDAB9
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: HandleLoadModuleString$Message
                                                                                                                                                                                                                • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                                                                                                • API String ID: 4072794657-3128320259
                                                                                                                                                                                                                • Opcode ID: 8e05a96dcc8bee9a7d00d6d8353cc2eec4f5ccfc4ab74746dc8797c16bf78f35
                                                                                                                                                                                                                • Instruction ID: a670df79b041f69cc807c0fc1b3ff6fe58aa3e97240fcb1b77e3b17df1e48238
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8e05a96dcc8bee9a7d00d6d8353cc2eec4f5ccfc4ab74746dc8797c16bf78f35
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A60162F69102087FE712DBA49D89EE7326CE708701F445593B746E2081E6749E844F74
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(0158F148,0158F148), ref: 002E097B
                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(0158F128,00000000), ref: 002E098D
                                                                                                                                                                                                                • TerminateThread.KERNEL32(?,000001F6), ref: 002E099B
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000003E8), ref: 002E09A9
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 002E09B8
                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(0158F148,000001F6), ref: 002E09C8
                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(0158F128), ref: 002E09CF
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3495660284-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00275D30
                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00275D71
                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00275D99
                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00275ED7
                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00275EF8
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Rect$Client$Window$Screen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1296646539-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __allrem.LIBCMT ref: 002A00BA
                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 002A00D6
                                                                                                                                                                                                                • __allrem.LIBCMT ref: 002A00ED
                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 002A010B
                                                                                                                                                                                                                • __allrem.LIBCMT ref: 002A0122
                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 002A0140
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1992179935-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 002F3149: select.WSOCK32(00000000,?,00000000,00000000,?,?,?,00000000,?,?,?,002F101C,00000000,?,?,00000000), ref: 002F3195
                                                                                                                                                                                                                • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 002F1DC0
                                                                                                                                                                                                                • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 002F1DE1
                                                                                                                                                                                                                • WSAGetLastError.WSOCK32 ref: 002F1DF2
                                                                                                                                                                                                                • inet_ntoa.WSOCK32(?), ref: 002F1E8C
                                                                                                                                                                                                                • htons.WSOCK32(?,?,?,?,?), ref: 002F1EDB
                                                                                                                                                                                                                • _strlen.LIBCMT ref: 002F1F35
                                                                                                                                                                                                                  • Part of subcall function 002D39E8: _strlen.LIBCMT ref: 002D39F2
                                                                                                                                                                                                                  • Part of subcall function 00276D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000002,?,?,?,?,0028CF58,?,?,?), ref: 00276DBA
                                                                                                                                                                                                                  • Part of subcall function 00276D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,0028CF58,?,?,?), ref: 00276DED
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ByteCharMultiWide_strlen$ErrorLasthtonsinet_ntoaselect
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1923757996-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,002982D9,002982D9,?,?,?,002A644F,00000001,00000001,8BE85006), ref: 002A6258
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,002A644F,00000001,00000001,8BE85006,?,?,?), ref: 002A62DE
                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 002A63D8
                                                                                                                                                                                                                • __freea.LIBCMT ref: 002A63E5
                                                                                                                                                                                                                  • Part of subcall function 002A3820: RtlAllocateHeap.NTDLL(00000000,?,00341444,?,0028FDF5,?,?,0027A976,00000010,00341440,002713FC,?,002713C6,?,00271129), ref: 002A3852
                                                                                                                                                                                                                • __freea.LIBCMT ref: 002A63EE
                                                                                                                                                                                                                • __freea.LIBCMT ref: 002A6413
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1414292761-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00279CB3: _wcslen.LIBCMT ref: 00279CBD
                                                                                                                                                                                                                  • Part of subcall function 002FC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,002FB6AE,?,?), ref: 002FC9B5
                                                                                                                                                                                                                  • Part of subcall function 002FC998: _wcslen.LIBCMT ref: 002FC9F1
                                                                                                                                                                                                                  • Part of subcall function 002FC998: _wcslen.LIBCMT ref: 002FCA68
                                                                                                                                                                                                                  • Part of subcall function 002FC998: _wcslen.LIBCMT ref: 002FCA9E
                                                                                                                                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 002FBCCA
                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 002FBD25
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 002FBD6A
                                                                                                                                                                                                                • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 002FBD99
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,00000000), ref: 002FBDF3
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 002FBDFF
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1120388591-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • VariantInit.OLEAUT32(00000035), ref: 002CF7B9
                                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000001), ref: 002CF860
                                                                                                                                                                                                                • VariantCopy.OLEAUT32(002CFA64,00000000), ref: 002CF889
                                                                                                                                                                                                                • VariantClear.OLEAUT32(002CFA64), ref: 002CF8AD
                                                                                                                                                                                                                • VariantCopy.OLEAUT32(002CFA64,00000000), ref: 002CF8B1
                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 002CF8BB
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Variant$ClearCopy$AllocInitString
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3859894641-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00277620: _wcslen.LIBCMT ref: 00277625
                                                                                                                                                                                                                  • Part of subcall function 00276B57: _wcslen.LIBCMT ref: 00276B6A
                                                                                                                                                                                                                • GetOpenFileNameW.COMDLG32(00000058), ref: 002E94E5
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002E9506
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002E952D
                                                                                                                                                                                                                • GetSaveFileNameW.COMDLG32(00000058), ref: 002E9585
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _wcslen$FileName$OpenSave
                                                                                                                                                                                                                • String ID: X
                                                                                                                                                                                                                • API String ID: 83654149-3081909835
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00289BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00289BB2
                                                                                                                                                                                                                • BeginPaint.USER32(?,?,?), ref: 00289241
                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 002892A5
                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 002892C2
                                                                                                                                                                                                                • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 002892D3
                                                                                                                                                                                                                • EndPaint.USER32(?,?,?,?,?), ref: 00289321
                                                                                                                                                                                                                • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 002C71EA
                                                                                                                                                                                                                  • Part of subcall function 00289339: BeginPath.GDI32(00000000), ref: 00289357
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3050599898-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(?,000001F5), ref: 002E080C
                                                                                                                                                                                                                • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 002E0847
                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(?), ref: 002E0863
                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 002E08DC
                                                                                                                                                                                                                • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 002E08F3
                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(?,000001F6), ref: 002E0921
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3368777196-0
                                                                                                                                                                                                                • Opcode ID: f3373b52f9c717b82af47d374814540e078d6688ac6dce2adbf19737969c35a8
                                                                                                                                                                                                                • Instruction ID: 084014b6f7f04512dbc4e0b8465917f2715cb8fead6e4013cd1323d79ad23586
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f3373b52f9c717b82af47d374814540e078d6688ac6dce2adbf19737969c35a8
                                                                                                                                                                                                                • Instruction Fuzzy Hash: BA415771910205EBDF15AF54DCC5AAA77B8FF44310F1440A5ED009A297DB70DEA5DFA0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,002CF3AB,00000000,?,?,00000000,?,002C682C,00000004,00000000,00000000), ref: 0030824C
                                                                                                                                                                                                                • EnableWindow.USER32(?,00000000), ref: 00308272
                                                                                                                                                                                                                • ShowWindow.USER32(FFFFFFFF,00000000), ref: 003082D1
                                                                                                                                                                                                                • ShowWindow.USER32(?,00000004), ref: 003082E5
                                                                                                                                                                                                                • EnableWindow.USER32(?,00000001), ref: 0030830B
                                                                                                                                                                                                                • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0030832F
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$Show$Enable$MessageSend
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 642888154-0
                                                                                                                                                                                                                • Opcode ID: 158f565c5b50cd419d6013b0545e4be4bc52cfb8fd9eced7cde06adc30e175f8
                                                                                                                                                                                                                • Instruction ID: 3855ff1a96ce3e2e82199f6efef31d88fc919639252d0e0a2851c19c1a3cf6c8
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 158f565c5b50cd419d6013b0545e4be4bc52cfb8fd9eced7cde06adc30e175f8
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 10418638602644AFDF23CF15C8A9BA57BF8BB4A714F1956A9E5484F2E2CB316841CB50
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • IsWindowVisible.USER32(?), ref: 002D4C95
                                                                                                                                                                                                                • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 002D4CB2
                                                                                                                                                                                                                • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 002D4CEA
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002D4D08
                                                                                                                                                                                                                • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 002D4D10
                                                                                                                                                                                                                • _wcsstr.LIBVCRUNTIME ref: 002D4D1A
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 72514467-0
                                                                                                                                                                                                                • Opcode ID: fb03f91425e591af217cbc7a5701d6ff677e125291de92713665318eee35a767
                                                                                                                                                                                                                • Instruction ID: 1f108032b3a8ba813d484fb5f44fb28271100f24890f07c0eae6422cf991aadc
                                                                                                                                                                                                                • Opcode Fuzzy Hash: fb03f91425e591af217cbc7a5701d6ff677e125291de92713665318eee35a767
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 44214931225205BBEB256F35DC09E3B7B9DDF45710F14802BF805CA291DE71CC2187A0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00273AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00273A97,?,?,00272E7F,?,?,?,00000000), ref: 00273AC2
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002E587B
                                                                                                                                                                                                                • CoInitialize.OLE32(00000000), ref: 002E5995
                                                                                                                                                                                                                • CoCreateInstance.OLE32(0030FCF8,00000000,00000001,0030FB68,?), ref: 002E59AE
                                                                                                                                                                                                                • CoUninitialize.OLE32 ref: 002E59CC
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                                                                                                                                • String ID: .lnk
                                                                                                                                                                                                                • API String ID: 3172280962-24824748
                                                                                                                                                                                                                • Opcode ID: 56518bb2feb1d81bf04b35852b66ca48b76e924362f25f8257f17866007a43ba
                                                                                                                                                                                                                • Instruction ID: a11b16ff02d80da59e783df4626e7cc4f9414b20279f2dd94e16f8dbddd667f3
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 56518bb2feb1d81bf04b35852b66ca48b76e924362f25f8257f17866007a43ba
                                                                                                                                                                                                                • Instruction Fuzzy Hash: D1D163706287119FC714DF26C480A6ABBE1EF89718F50885DF8899B362DB31EC55CF92
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 002D0FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 002D0FCA
                                                                                                                                                                                                                  • Part of subcall function 002D0FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 002D0FD6
                                                                                                                                                                                                                  • Part of subcall function 002D0FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 002D0FE5
                                                                                                                                                                                                                  • Part of subcall function 002D0FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 002D0FEC
                                                                                                                                                                                                                  • Part of subcall function 002D0FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 002D1002
                                                                                                                                                                                                                • GetLengthSid.ADVAPI32(?,00000000,002D1335), ref: 002D17AE
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000000), ref: 002D17BA
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 002D17C1
                                                                                                                                                                                                                • CopySid.ADVAPI32(00000000,00000000,?), ref: 002D17DA
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,002D1335), ref: 002D17EE
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 002D17F5
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3008561057-0
                                                                                                                                                                                                                • Opcode ID: 614105e152ec96e8c72b4fafc8677590b09aa453e7c9a0404f7ecd3f96705ec5
                                                                                                                                                                                                                • Instruction ID: 5a5d66341a7af9263108fd54b9ad702abe9274f1c79b515267d7fd5cc2fc88c6
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 614105e152ec96e8c72b4fafc8677590b09aa453e7c9a0404f7ecd3f96705ec5
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F711CA31621206FFEB158FA4CC58BAFBBB8EB45315F10421AF4419B220C731AD20CB60
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 002D14FF
                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 002D1506
                                                                                                                                                                                                                • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 002D1515
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000004), ref: 002D1520
                                                                                                                                                                                                                • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 002D154F
                                                                                                                                                                                                                • DestroyEnvironmentBlock.USERENV(00000000), ref: 002D1563
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1413079979-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,00293379,00292FE5), ref: 00293390
                                                                                                                                                                                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0029339E
                                                                                                                                                                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 002933B7
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,00293379,00292FE5), ref: 00293409
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3852720340-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,002A5686,002B3CD6,?,00000000,?,002A5B6A,?,?,?,?,?,0029E6D1,?,00338A48), ref: 002A2D78
                                                                                                                                                                                                                • _free.LIBCMT ref: 002A2DAB
                                                                                                                                                                                                                • _free.LIBCMT ref: 002A2DD3
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,?,?,?,0029E6D1,?,00338A48,00000010,00274F4A,?,?,00000000,002B3CD6), ref: 002A2DE0
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,?,?,?,0029E6D1,?,00338A48,00000010,00274F4A,?,?,00000000,002B3CD6), ref: 002A2DEC
                                                                                                                                                                                                                • _abort.LIBCMT ref: 002A2DF2
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3160817290-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00289639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00289693
                                                                                                                                                                                                                  • Part of subcall function 00289639: SelectObject.GDI32(?,00000000), ref: 002896A2
                                                                                                                                                                                                                  • Part of subcall function 00289639: BeginPath.GDI32(?), ref: 002896B9
                                                                                                                                                                                                                  • Part of subcall function 00289639: SelectObject.GDI32(?,00000000), ref: 002896E2
                                                                                                                                                                                                                • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00308A4E
                                                                                                                                                                                                                • LineTo.GDI32(?,00000003,00000000), ref: 00308A62
                                                                                                                                                                                                                • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00308A70
                                                                                                                                                                                                                • LineTo.GDI32(?,00000000,00000003), ref: 00308A80
                                                                                                                                                                                                                • EndPath.GDI32(?), ref: 00308A90
                                                                                                                                                                                                                • StrokePath.GDI32(?), ref: 00308AA0
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 43455801-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetDC.USER32(00000000), ref: 002D5218
                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,00000058), ref: 002D5229
                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 002D5230
                                                                                                                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 002D5238
                                                                                                                                                                                                                • MulDiv.KERNEL32(000009EC,?,00000000), ref: 002D524F
                                                                                                                                                                                                                • MulDiv.KERNEL32(000009EC,00000001,?), ref: 002D5261
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CapsDevice$Release
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1035833867-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00271BF4
                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000010,00000000), ref: 00271BFC
                                                                                                                                                                                                                • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00271C07
                                                                                                                                                                                                                • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00271C12
                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000011,00000000), ref: 00271C1A
                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00271C22
                                                                                                                                                                                                                Memory Dump Source
• Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Virtual
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4278518827-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 002DEB30
                                                                                                                                                                                                                • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 002DEB46
                                                                                                                                                                                                                • GetWindowThreadProcessId.USER32(?,?), ref: 002DEB55
                                                                                                                                                                                                                • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 002DEB64
                                                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 002DEB6E
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 002DEB75
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 839392675-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetClientRect.USER32(?), ref: 002C7452
                                                                                                                                                                                                                • SendMessageW.USER32(?,00001328,00000000,?), ref: 002C7469
                                                                                                                                                                                                                • GetWindowDC.USER32(?), ref: 002C7475
                                                                                                                                                                                                                • GetPixel.GDI32(00000000,?,?), ref: 002C7484
                                                                                                                                                                                                                • ReleaseDC.USER32(?,00000000), ref: 002C7496
                                                                                                                                                                                                                • GetSysColor.USER32(00000005), ref: 002C74B0
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 272304278-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 002D187F
                                                                                                                                                                                                                • UnloadUserProfile.USERENV(?,?), ref: 002D188B
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 002D1894
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 002D189C
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 002D18A5
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 002D18AC
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 146765662-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 0027BEB3
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Init_thread_footer
                                                                                                                                                                                                                • String ID: D%4$D%4$D%4$D%4D%4
                                                                                                                                                                                                                • API String ID: 1385522511-3317314414
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00290242: EnterCriticalSection.KERNEL32(0034070C,00341884,?,?,0028198B,00342518,?,?,?,002712F9,00000000), ref: 0029024D
                                                                                                                                                                                                                  • Part of subcall function 00290242: LeaveCriticalSection.KERNEL32(0034070C,?,0028198B,00342518,?,?,?,002712F9,00000000), ref: 0029028A
                                                                                                                                                                                                                  • Part of subcall function 00279CB3: _wcslen.LIBCMT ref: 00279CBD
                                                                                                                                                                                                                  • Part of subcall function 002900A3: __onexit.LIBCMT ref: 002900A9
                                                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 002F7BFB
                                                                                                                                                                                                                  • Part of subcall function 002901F8: EnterCriticalSection.KERNEL32(0034070C,?,?,00288747,00342514), ref: 00290202
                                                                                                                                                                                                                  • Part of subcall function 002901F8: LeaveCriticalSection.KERNEL32(0034070C,?,00288747,00342514), ref: 00290235
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                                                                                                                                                                • String ID: +T,$5$G$Variable must be of type 'Object'.
                                                                                                                                                                                                                • API String ID: 535116098-1465144260
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00277620: _wcslen.LIBCMT ref: 00277625
                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 002DC6EE
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002DC735
                                                                                                                                                                                                                • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 002DC79C
                                                                                                                                                                                                                • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 002DC7CA
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ItemMenu$Info_wcslen$Default
                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                • API String ID: 1227352736-4108050209
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ShellExecuteExW.SHELL32(0000003C), ref: 002FAEA3
                                                                                                                                                                                                                  • Part of subcall function 00277620: _wcslen.LIBCMT ref: 00277625
                                                                                                                                                                                                                • GetProcessId.KERNEL32(00000000), ref: 002FAF38
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 002FAF67
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                                                                                                                                                                • String ID: <$@
                                                                                                                                                                                                                • API String ID: 146682121-1426351568
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 002D7206
                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 002D723C
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 002D724D
                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 002D72CF
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                                                                                                                • String ID: DllGetClassObject
                                                                                                                                                                                                                • API String ID: 753597075-1075368562
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00303E35
                                                                                                                                                                                                                • IsMenu.USER32(?), ref: 00303E4A
                                                                                                                                                                                                                • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00303E92
                                                                                                                                                                                                                • DrawMenuBar.USER32 ref: 00303EA5
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Menu$Item$DrawInfoInsert
                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                • API String ID: 3076010158-4108050209
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00279CB3: _wcslen.LIBCMT ref: 00279CBD
                                                                                                                                                                                                                  • Part of subcall function 002D3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 002D3CCA
                                                                                                                                                                                                                • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 002D1E66
                                                                                                                                                                                                                • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 002D1E79
                                                                                                                                                                                                                • SendMessageW.USER32(?,00000189,?,00000000), ref: 002D1EA9
                                                                                                                                                                                                                  • Part of subcall function 00276B57: _wcslen.LIBCMT ref: 00276B6A
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessageSend$_wcslen$ClassName
                                                                                                                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                                                                                                                • API String ID: 2081771294-1403004172
                                                                                                                                                                                                                • Opcode ID: bd682f046368abaa776a4eaf7e397d946c88d3e134448f0bc518eb5a10afa06a
                                                                                                                                                                                                                • Instruction ID: 80dfaada324a0307a7d8abb76fbabcd290d7b87a736088b354b0ced2f552cddd
                                                                                                                                                                                                                • Opcode Fuzzy Hash: bd682f046368abaa776a4eaf7e397d946c88d3e134448f0bc518eb5a10afa06a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 53213571A20104BADB15AF60CC46CFFB7BCDF45354F14811AF825A36E1DB344D3A8A20
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _wcslen
                                                                                                                                                                                                                • String ID: HKEY_LOCAL_MACHINE$HKLM
                                                                                                                                                                                                                • API String ID: 176396367-4004644295
                                                                                                                                                                                                                • Opcode ID: 48e2e66b8a382a81f28ea3e1cb322e7ea231eb52ca0dfcd80eead727d6693a25
                                                                                                                                                                                                                • Instruction ID: 97360f1b4a59ce462ba25a872f3f902dd818d1ca495c54f1c1ae8b361133d72b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 48e2e66b8a382a81f28ea3e1cb322e7ea231eb52ca0dfcd80eead727d6693a25
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 81310973A2056F4BCB21DF2CCA514BEB3915BA17D0F354039E9456B344EA71EDA0D7A0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00302F8D
                                                                                                                                                                                                                • LoadLibraryW.KERNEL32(?), ref: 00302F94
                                                                                                                                                                                                                • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00302FA9
                                                                                                                                                                                                                • DestroyWindow.USER32(?), ref: 00302FB1
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                                                                                                                                • String ID: SysAnimate32
                                                                                                                                                                                                                • API String ID: 3529120543-1011021900
                                                                                                                                                                                                                • Opcode ID: a499e56cab84013bae7d0b6efeef4eeea5ae584f0bc6923a0e684d4ac517a4ce
                                                                                                                                                                                                                • Instruction ID: 0e040a5fc73be2029ee56905568bf32e8fcfe708050e65ba27b617fe2f1a5ec3
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a499e56cab84013bae7d0b6efeef4eeea5ae584f0bc6923a0e684d4ac517a4ce
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9C21FD7120120AABEF234F64DCA8EBB77BDEB593A4F110219FA10D60E0C771DC919760
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00294D1E,002A28E9,?,00294CBE,002A28E9,003388B8,0000000C,00294E15,002A28E9,00000002), ref: 00294D8D
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00294DA0
                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,00294D1E,002A28E9,?,00294CBE,002A28E9,003388B8,0000000C,00294E15,002A28E9,00000002,00000000), ref: 00294DC3
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                • Opcode ID: c2129711170eaf9429bae2925590757d5ee7569deeaec0512b907c5a5a7b730c
                                                                                                                                                                                                                • Instruction ID: 79cce92300bfdcced09f473a29300e9924a85dcf5ebd9d46016bec10e7a2f3ee
                                                                                                                                                                                                                • Opcode Fuzzy Hash: c2129711170eaf9429bae2925590757d5ee7569deeaec0512b907c5a5a7b730c
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 32F0A434521208BBDB165F90DC49BEDBBB8EF04711F000199F805A2190DB705991CB90
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LoadLibraryA.KERNEL32 ref: 002CD3AD
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 002CD3BF
                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 002CD3E5
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                • String ID: GetSystemWow64DirectoryW$X64
                                                                                                                                                                                                                • API String ID: 145871493-2590602151
                                                                                                                                                                                                                • Opcode ID: 4f9b8e39485773f706f8a3c7ea9e922627a7c1ec617f737898b8ed0402a4cfd6
                                                                                                                                                                                                                • Instruction ID: b30367505c7bdc8707d8fd49f5cd1ac68601e895b6a8fb41c649d3e8bea68123
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4f9b8e39485773f706f8a3c7ea9e922627a7c1ec617f737898b8ed0402a4cfd6
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 10F02738837A129BD7771B108C64F5AB7149F11701F5593AEE806E6092C760CCA4CA83
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00274EDD,?,00341418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00274E9C
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00274EAE
                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,00274EDD,?,00341418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00274EC0
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                • API String ID: 145871493-3689287502
                                                                                                                                                                                                                • Opcode ID: 573e6abb570519f3113fce41342365e4495a7f029a3410903027ac32a7320cca
                                                                                                                                                                                                                • Instruction ID: 269bd5f7c15d061df9618dbc57b2b0fa39864d088a66dadfb1ac77c9c10ccb7f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 573e6abb570519f3113fce41342365e4495a7f029a3410903027ac32a7320cca
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 94E08636A235235BD2272B256C28B6BA558AF82B72F054216FC05D2140DB74CD0180A0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,?,002B3CDE,?,00341418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00274E62
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00274E74
                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,002B3CDE,?,00341418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00274E87
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                • API String ID: 145871493-1355242751
                                                                                                                                                                                                                • Opcode ID: 3f343841b3d555b66624c229c0bd4a7977c7f58d491e364727856537dd166db1
                                                                                                                                                                                                                • Instruction ID: 8d1f48eddc0a077c972c0270b1f447566de0834500488eaea6ae5ca578bd4407
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3f343841b3d555b66624c229c0bd4a7977c7f58d491e364727856537dd166db1
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A6D0C23252362257D6272F246C29ECB6A1CEF86B21705A312F809E2150CF70CD1182D0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 002E2C05
                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?), ref: 002E2C87
                                                                                                                                                                                                                • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 002E2C9D
                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 002E2CAE
                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 002E2CC0
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$Delete$Copy
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3226157194-0
                                                                                                                                                                                                                • Opcode ID: fa45c5159f5d2af6d9541f933c4ab2278ea640b3672021f794bff52113800962
                                                                                                                                                                                                                • Instruction ID: 55e1bbb0a798d8c6aa1814de78b0e4cb3baa054992255656b51de411504a995f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: fa45c5159f5d2af6d9541f933c4ab2278ea640b3672021f794bff52113800962
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 50B18F71D20129ABDF21EFA5CC85EDEB7BCEF09310F5040A6F50AE7141EA709A588F61
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 002FA427
                                                                                                                                                                                                                • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 002FA435
                                                                                                                                                                                                                • GetProcessIoCounters.KERNEL32(00000000,?), ref: 002FA468
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 002FA63D
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3488606520-0
                                                                                                                                                                                                                • Opcode ID: 4ef26dadda0bb4676fe03cc12890e609de629683a026dfd5647c4b497fe3445e
                                                                                                                                                                                                                • Instruction ID: 0e3b9d435157966e6e505fefd0cf24ba015cc8707455484ae36d4a393ccd628f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4ef26dadda0bb4676fe03cc12890e609de629683a026dfd5647c4b497fe3445e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0DA1A0B16143019FD720DF24C886F2AB7E5AF84714F14886DFA5A9B6D2D7B0EC518B82
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 002DDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,002DCF22,?), ref: 002DDDFD
                                                                                                                                                                                                                  • Part of subcall function 002DDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,002DCF22,?), ref: 002DDE16
                                                                                                                                                                                                                  • Part of subcall function 002DE199: GetFileAttributesW.KERNEL32(?,002DCF95), ref: 002DE19A
                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(?,?), ref: 002DE473
                                                                                                                                                                                                                • MoveFileW.KERNEL32(?,?), ref: 002DE4AC
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002DE5EB
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002DE603
                                                                                                                                                                                                                • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 002DE650
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3183298772-0
                                                                                                                                                                                                                • Opcode ID: 592db015a3360158f05d26d39932f4932a860bf73de574e2a65ee19a13a526ba
                                                                                                                                                                                                                • Instruction ID: 5c07e51d547ced67a436765f67b6b7cb8178d94e662d6d5a69001dd3052afaae
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 592db015a3360158f05d26d39932f4932a860bf73de574e2a65ee19a13a526ba
                                                                                                                                                                                                                • Instruction Fuzzy Hash: C15182B25187455BCB24EB90DC819DF73DCAF84340F00491FF689D7291EF74A9988B66
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00279CB3: _wcslen.LIBCMT ref: 00279CBD
                                                                                                                                                                                                                  • Part of subcall function 002FC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,002FB6AE,?,?), ref: 002FC9B5
                                                                                                                                                                                                                  • Part of subcall function 002FC998: _wcslen.LIBCMT ref: 002FC9F1
                                                                                                                                                                                                                  • Part of subcall function 002FC998: _wcslen.LIBCMT ref: 002FCA68
                                                                                                                                                                                                                  • Part of subcall function 002FC998: _wcslen.LIBCMT ref: 002FCA9E
                                                                                                                                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 002FBAA5
                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 002FBB00
                                                                                                                                                                                                                • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 002FBB63
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?), ref: 002FBBA6
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 002FBBB3
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 826366716-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 002D8BCD
                                                                                                                                                                                                                • VariantClear.OLEAUT32 ref: 002D8C3E
                                                                                                                                                                                                                • VariantClear.OLEAUT32 ref: 002D8C9D
                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 002D8D10
                                                                                                                                                                                                                • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 002D8D3B
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Variant$Clear$ChangeInitType
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4136290138-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 002E8BAE
                                                                                                                                                                                                                • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 002E8BDA
                                                                                                                                                                                                                • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 002E8C32
                                                                                                                                                                                                                • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 002E8C57
                                                                                                                                                                                                                • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 002E8C5F
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: PrivateProfile$SectionWrite$String
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2832842796-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LoadLibraryW.KERNEL32(?,00000000,?), ref: 002F8F40
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 002F8FD0
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,00000000), ref: 002F8FEC
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 002F9032
                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 002F9052
                                                                                                                                                                                                                  • Part of subcall function 0028F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,002E1043,?,753CE610), ref: 0028F6E6
                                                                                                                                                                                                                  • Part of subcall function 0028F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,002CFA64,00000000,00000000,?,?,002E1043,?,753CE610,?,002CFA64), ref: 0028F70D
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 666041331-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00306C33
                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000EC,?), ref: 00306C4A
                                                                                                                                                                                                                • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00306C73
                                                                                                                                                                                                                • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,002EAB79,00000000,00000000), ref: 00306C98
                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00306CC7
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$Long$MessageSendShow
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3688381893-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _free
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 269201875-0
                                                                                                                                                                                                                • Opcode ID: dcadce0e935b70783f57957b261670473e6d51027b5b016382aa6fc7f6b23b1b
                                                                                                                                                                                                                • Instruction ID: 50496a872107b7c6b9b055ff4be94322a634ed2d9d47a12decbf235764d71e24
                                                                                                                                                                                                                • Opcode Fuzzy Hash: dcadce0e935b70783f57957b261670473e6d51027b5b016382aa6fc7f6b23b1b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3841E176A20200DFCB24DF7CC880A5EB7E5EF8A314F1545A9E615EB392DA31ED15CB80
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 00289141
                                                                                                                                                                                                                • ScreenToClient.USER32(00000000,?), ref: 0028915E
                                                                                                                                                                                                                • GetAsyncKeyState.USER32(00000001), ref: 00289183
                                                                                                                                                                                                                • GetAsyncKeyState.USER32(00000002), ref: 0028919D
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4210589936-0
                                                                                                                                                                                                                • Opcode ID: 234d7b3198329eb701ea10e78da65ba27a4541c42bb9b003f332568a88566e55
                                                                                                                                                                                                                • Instruction ID: 38f3fbb7d1610b39adcc16370baebee03975e0c9cbc32757100e743b2903f4cc
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 234d7b3198329eb701ea10e78da65ba27a4541c42bb9b003f332568a88566e55
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2B415E35A1950BBBDF15AF64C848BFEB774FB05324F244319E429A62D0C77069A0DF91
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetInputState.USER32 ref: 002E38CB
                                                                                                                                                                                                                • TranslateAcceleratorW.USER32(?,00000000,?), ref: 002E3922
                                                                                                                                                                                                                • TranslateMessage.USER32(?), ref: 002E394B
                                                                                                                                                                                                                • DispatchMessageW.USER32(?), ref: 002E3955
                                                                                                                                                                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 002E3966
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2256411358-0
                                                                                                                                                                                                                • Opcode ID: 3f3cff6d557a82458f5f87445f724d0ba3f0faed240ec2fb4993b3fde5e0108f
                                                                                                                                                                                                                • Instruction ID: 551486bcfc3878b31ad9fcc10b24e1e2a001221e1f990383f630cc0b0aae0ef0
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3f3cff6d557a82458f5f87445f724d0ba3f0faed240ec2fb4993b3fde5e0108f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: D831E8745B47C29EEB36CF36981CBB637ACAB02302F840559E462870A1D7F4A694CB21
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,002EC21E,00000000), ref: 002ECF38
                                                                                                                                                                                                                • InternetReadFile.WININET(?,00000000,?,?), ref: 002ECF6F
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000,?,?,?,002EC21E,00000000), ref: 002ECFB4
                                                                                                                                                                                                                • SetEvent.KERNEL32(?,?,00000000,?,?,?,002EC21E,00000000), ref: 002ECFC8
                                                                                                                                                                                                                • SetEvent.KERNEL32(?,?,00000000,?,?,?,002EC21E,00000000), ref: 002ECFF2
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3191363074-0
                                                                                                                                                                                                                • Opcode ID: 99a93f04d865d3360ca570b6c5e2819e9106c784c03ae48340b985d4d5e4ac64
                                                                                                                                                                                                                • Instruction ID: a3dfb47db38f51104b60d9ee1486f769eaf638df844cde201ea41327b35795ed
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 99a93f04d865d3360ca570b6c5e2819e9106c784c03ae48340b985d4d5e4ac64
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5A316B71660246AFDB20DFE6C884AAABBFDEB04311B60442FF506D2550DB30AE529B60
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 002D1915
                                                                                                                                                                                                                • PostMessageW.USER32(00000001,00000201,00000001), ref: 002D19C1
                                                                                                                                                                                                                • Sleep.KERNEL32(00000000,?,?,?), ref: 002D19C9
                                                                                                                                                                                                                • PostMessageW.USER32(00000001,00000202,00000000), ref: 002D19DA
                                                                                                                                                                                                                • Sleep.KERNEL32(00000000,?,?,?,?), ref: 002D19E2
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessagePostSleep$RectWindow
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3382505437-0
                                                                                                                                                                                                                • Opcode ID: 89131c2aa8a745e6956a0659ca67c6da5cd53f1eff7f8731596c6b75bac1fa73
                                                                                                                                                                                                                • Instruction ID: 4aa8dd1005fa4345056be8d5e177c20a4a6edb03ac6430df37913e7bd18f0ddc
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 89131c2aa8a745e6956a0659ca67c6da5cd53f1eff7f8731596c6b75bac1fa73
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7431B171A10219EFCB14CFA8CDA9ADE7BB5EB04315F104326F921A72D1C7709D64CB90
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00305745
                                                                                                                                                                                                                • SendMessageW.USER32(?,00001074,?,00000001), ref: 0030579D
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 003057AF
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 003057BA
                                                                                                                                                                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 00305816
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessageSend$_wcslen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 763830540-0
                                                                                                                                                                                                                • Opcode ID: ac0c7b94cbaccd2b46fb4543e7d4c16931f7d97e566cade4d31f5b910820b998
                                                                                                                                                                                                                • Instruction ID: b79daaf59ee0a52cbab092c3679075a39737b543bb59b79aa043d2e9c6bbf015
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ac0c7b94cbaccd2b46fb4543e7d4c16931f7d97e566cade4d31f5b910820b998
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3D21A235905618EADF229FA5CC94AEEB7BCFF04720F108216E929EA1C0E7709985CF50
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • IsWindow.USER32(00000000), ref: 002F0951
                                                                                                                                                                                                                • GetForegroundWindow.USER32 ref: 002F0968
                                                                                                                                                                                                                • GetDC.USER32(00000000), ref: 002F09A4
                                                                                                                                                                                                                • GetPixel.GDI32(00000000,?,00000003), ref: 002F09B0
                                                                                                                                                                                                                • ReleaseDC.USER32(00000000,00000003), ref: 002F09E8
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$ForegroundPixelRelease
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4156661090-0
                                                                                                                                                                                                                • Opcode ID: 59df1c8b3389e767f73a5c4f786700bc7cdb00118873d7cd24945a1a219a47d7
                                                                                                                                                                                                                • Instruction ID: 1c757ff4b91b6c623ec383d9eb587867eb1446dd638053ee22867505d1904810
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 59df1c8b3389e767f73a5c4f786700bc7cdb00118873d7cd24945a1a219a47d7
                                                                                                                                                                                                                • Instruction Fuzzy Hash: EF218E35610208AFD714EF65C895AAEBBE9EF48740F048179F94A97762DB70AC14CF50
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetEnvironmentStringsW.KERNEL32 ref: 002ACDC6
                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 002ACDE9
                                                                                                                                                                                                                  • Part of subcall function 002A3820: RtlAllocateHeap.NTDLL(00000000,?,00341444,?,0028FDF5,?,?,0027A976,00000010,00341440,002713FC,?,002713C6,?,00271129), ref: 002A3852
                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 002ACE0F
                                                                                                                                                                                                                • _free.LIBCMT ref: 002ACE22
                                                                                                                                                                                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 002ACE31
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 336800556-0
                                                                                                                                                                                                                • Opcode ID: 725b12c70351cf396838d041949d7e7bdf414b74de2ce3b69e3f4e30481f1568
                                                                                                                                                                                                                • Instruction ID: 23ec732c64a71f75e2b94ec496427ef48039213d434ac751a25ef7604cc26cf4
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 725b12c70351cf396838d041949d7e7bdf414b74de2ce3b69e3f4e30481f1568
                                                                                                                                                                                                                • Instruction Fuzzy Hash: BD01FC726322167F67211BB66D4CD7BB96DDEC7FA1725022AFD05D7201EE608D2181F0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00289693
                                                                                                                                                                                                                • SelectObject.GDI32(?,00000000), ref: 002896A2
                                                                                                                                                                                                                • BeginPath.GDI32(?), ref: 002896B9
                                                                                                                                                                                                                • SelectObject.GDI32(?,00000000), ref: 002896E2
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3225163088-0
                                                                                                                                                                                                                • Opcode ID: 211fd43ee858fd529bb596281562a9de0c05ddceae5f52f350fdb8a1fd64cd8b
                                                                                                                                                                                                                • Instruction ID: 6fa95ccf35bdb69955cbc6f93f3727922bb1f2529cc50a3a13db1d5e45c67e8a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 211fd43ee858fd529bb596281562a9de0c05ddceae5f52f350fdb8a1fd64cd8b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 61216D39823616EBDB12AF64DC14BB93BACBB01315F140216F420AA1F0E770A8E1CF90
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _memcmp
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2931989736-0
                                                                                                                                                                                                                • Opcode ID: 6fb2288fca7893ab609ea85e22855d671283175b6b9d0a246e202b6fe8818790
                                                                                                                                                                                                                • Instruction ID: ec5564d9ba0ab1ed33c5a3338b4b63622d60b77ced752dd0158c949026e2bd5b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6fb2288fca7893ab609ea85e22855d671283175b6b9d0a246e202b6fe8818790
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0401D6612A1616FEF61995119D42EFBB35C9B21394B200022FD049A781F6A0ED3086A4
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,0029F2DE,002A3863,00341444,?,0028FDF5,?,?,0027A976,00000010,00341440,002713FC,?,002713C6), ref: 002A2DFD
                                                                                                                                                                                                                • _free.LIBCMT ref: 002A2E32
                                                                                                                                                                                                                • _free.LIBCMT ref: 002A2E59
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,00271129), ref: 002A2E66
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,00271129), ref: 002A2E6F
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$_free
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3170660625-0
                                                                                                                                                                                                                • Opcode ID: 7ea09dce1131fa83064cbfc461cd354f6923da2f2aaba16f93c66b47200f46eb
                                                                                                                                                                                                                • Instruction ID: 685f9e70c60c7e0175cf928aee19b91985f4ce49be82b17f5fe6ec5a66464858
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7ea09dce1131fa83064cbfc461cd354f6923da2f2aaba16f93c66b47200f46eb
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 27014936635601EBC6136B3C2E45E2B265DABC3370F201125F820E2193EF74DC7C4920
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,002CFF41,80070057,?,?,?,002D035E), ref: 002D002B
                                                                                                                                                                                                                • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,002CFF41,80070057,?,?), ref: 002D0046
                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,002CFF41,80070057,?,?), ref: 002D0054
                                                                                                                                                                                                                • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,002CFF41,80070057,?), ref: 002D0064
                                                                                                                                                                                                                • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,002CFF41,80070057,?,?), ref: 002D0070
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3897988419-0
                                                                                                                                                                                                                • Opcode ID: 976102344116e99bcc87531931d1d0435739ea6c85a31afcce7db0611a5215a9
                                                                                                                                                                                                                • Instruction ID: dc69d55ac873311dff6a824a9fcf7fe54c4c6fbc97a2a5d9eff6bd0be92c5b31
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 976102344116e99bcc87531931d1d0435739ea6c85a31afcce7db0611a5215a9
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0801F272621214BFDB114F68DC84BAA7AEDEF84353F109226F905D2320D770DD008BA0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 002DE997
                                                                                                                                                                                                                • QueryPerformanceFrequency.KERNEL32(?), ref: 002DE9A5
                                                                                                                                                                                                                • Sleep.KERNEL32(00000000), ref: 002DE9AD
                                                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 002DE9B7
                                                                                                                                                                                                                • Sleep.KERNEL32 ref: 002DE9F3
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2833360925-0
                                                                                                                                                                                                                • Opcode ID: 37635417923b8d502453086c156d62d7ec42eedf19da5ef279da313030d1af1a
                                                                                                                                                                                                                • Instruction ID: c67ec84fdd35d0e9ca3ad63d79ec5a4e96c206cfaef6e816df0c56955279d66f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 37635417923b8d502453086c156d62d7ec42eedf19da5ef279da313030d1af1a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4E015B31C22629DBCF04AFE4D8696DDBB7CBB08300F010657E502B6280CB309964CBA2
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 002D1114
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000,00000000,?,?,002D0B9B,?,?,?), ref: 002D1120
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,002D0B9B,?,?,?), ref: 002D112F
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,002D0B9B,?,?,?), ref: 002D1136
                                                                                                                                                                                                                • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 002D114D
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 842720411-0
                                                                                                                                                                                                                • Opcode ID: e37ca14a6da3b75d02de151d48d4e7ea9a5bbf2f333baca9580afd875cd9a471
                                                                                                                                                                                                                • Instruction ID: f44db60931c8f2d35a756c886b972291e525699b1ff6b9e5a059d7c6833f763a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e37ca14a6da3b75d02de151d48d4e7ea9a5bbf2f333baca9580afd875cd9a471
                                                                                                                                                                                                                • Instruction Fuzzy Hash: DC016979211205BFEB124FA4DC59A6B3B7EEF893A0F20051AFA45C3360DA31DC108A60
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 002D0FCA
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 002D0FD6
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 002D0FE5
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 002D0FEC
                                                                                                                                                                                                                • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 002D1002
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 44706859-0
                                                                                                                                                                                                                • Opcode ID: 561d0f2a12d55f26d1a84a9b60ee5c5fef48f0aa9840e7c84d2b35f97ee22177
                                                                                                                                                                                                                • Instruction ID: 89de3dc75c59cb921459588e71756ba40bc44eebe20bf5b2dbd16108a484e709
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 561d0f2a12d55f26d1a84a9b60ee5c5fef48f0aa9840e7c84d2b35f97ee22177
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 11F04939221302BBDB225FA4AC59F573BADEF89762F204516FA45C6291CA70DC60CA60
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 002D102A
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 002D1036
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 002D1045
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 002D104C
                                                                                                                                                                                                                • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 002D1062
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,002E017D,?,002E32FC,?,00000001,002B2592,?), ref: 002E0324
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,002E017D,?,002E32FC,?,00000001,002B2592,?), ref: 002E0331
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,002E017D,?,002E32FC,?,00000001,002B2592,?), ref: 002E033E
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,002E017D,?,002E32FC,?,00000001,002B2592,?), ref: 002E034B
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,002E017D,?,002E32FC,?,00000001,002B2592,?), ref: 002E0358
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,002E017D,?,002E32FC,?,00000001,002B2592,?), ref: 002E0365
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseHandle
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _free.LIBCMT ref: 002AD752
                                                                                                                                                                                                                  • Part of subcall function 002A29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,002AD7D1,00000000,00000000,00000000,00000000,?,002AD7F8,00000000,00000007,00000000,?,002ADBF5,00000000), ref: 002A29DE
                                                                                                                                                                                                                  • Part of subcall function 002A29C8: GetLastError.KERNEL32(00000000,?,002AD7D1,00000000,00000000,00000000,00000000,?,002AD7F8,00000000,00000007,00000000,?,002ADBF5,00000000,00000000), ref: 002A29F0
                                                                                                                                                                                                                • _free.LIBCMT ref: 002AD764
                                                                                                                                                                                                                • _free.LIBCMT ref: 002AD776
                                                                                                                                                                                                                • _free.LIBCMT ref: 002AD788
                                                                                                                                                                                                                • _free.LIBCMT ref: 002AD79A
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 002D5C58
                                                                                                                                                                                                                • GetWindowTextW.USER32(00000000,?,00000100), ref: 002D5C6F
                                                                                                                                                                                                                • MessageBeep.USER32(00000000), ref: 002D5C87
                                                                                                                                                                                                                • KillTimer.USER32(?,0000040A), ref: 002D5CA3
                                                                                                                                                                                                                • EndDialog.USER32(?,00000001), ref: 002D5CBD
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _free.LIBCMT ref: 002A22BE
                                                                                                                                                                                                                  • Part of subcall function 002A29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,002AD7D1,00000000,00000000,00000000,00000000,?,002AD7F8,00000000,00000007,00000000,?,002ADBF5,00000000), ref: 002A29DE
                                                                                                                                                                                                                  • Part of subcall function 002A29C8: GetLastError.KERNEL32(00000000,?,002AD7D1,00000000,00000000,00000000,00000000,?,002AD7F8,00000000,00000007,00000000,?,002ADBF5,00000000,00000000), ref: 002A29F0
                                                                                                                                                                                                                • _free.LIBCMT ref: 002A22D0
                                                                                                                                                                                                                • _free.LIBCMT ref: 002A22E3
                                                                                                                                                                                                                • _free.LIBCMT ref: 002A22F4
                                                                                                                                                                                                                • _free.LIBCMT ref: 002A2305
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • EndPath.GDI32(?), ref: 002895D4
                                                                                                                                                                                                                • StrokeAndFillPath.GDI32(?,?,002C71F7,00000000,?,?,?), ref: 002895F0
                                                                                                                                                                                                                • SelectObject.GDI32(?,00000000), ref: 00289603
                                                                                                                                                                                                                • DeleteObject.GDI32 ref: 00289616
                                                                                                                                                                                                                • StrokePath.GDI32(?), ref: 00289631
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2625713937-0
                                                                                                                                                                                                                • Opcode ID: e1435f954844e788ae1e79777abe3434b8c59bdedb6542c74899c8d33f019c7e
                                                                                                                                                                                                                • Instruction ID: 2de519fc1152bc2ee52b5ce2aea6d8e60b1ce63e7ffb3e27926e053fc4db3e58
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e1435f954844e788ae1e79777abe3434b8c59bdedb6542c74899c8d33f019c7e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4FF01939027A05EBDB176F65ED287643B6DAB02322F089315F429590F0DB3499E1DFA0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: __freea$_free
                                                                                                                                                                                                                • String ID: a/p$am/pm
                                                                                                                                                                                                                • API String ID: 3432400110-3206640213
                                                                                                                                                                                                                • Opcode ID: 74246053619e779caf63071f449d6920c034285ad852b86decfcc974b8e93bed
                                                                                                                                                                                                                • Instruction ID: 8fda41fa1c6bc22e8ffafeb758ad09f599f934642ca01ae6989d1ce2856c24ec
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 74246053619e779caf63071f449d6920c034285ad852b86decfcc974b8e93bed
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 66D1F331930206DBCF249F68C855BFAB7B1EF07320F28019AE9059B650DB759DB0CB91
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00290242: EnterCriticalSection.KERNEL32(0034070C,00341884,?,?,0028198B,00342518,?,?,?,002712F9,00000000), ref: 0029024D
                                                                                                                                                                                                                  • Part of subcall function 00290242: LeaveCriticalSection.KERNEL32(0034070C,?,0028198B,00342518,?,?,?,002712F9,00000000), ref: 0029028A
                                                                                                                                                                                                                  • Part of subcall function 002900A3: __onexit.LIBCMT ref: 002900A9
                                                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 002F6238
                                                                                                                                                                                                                  • Part of subcall function 002901F8: EnterCriticalSection.KERNEL32(0034070C,?,?,00288747,00342514), ref: 00290202
                                                                                                                                                                                                                  • Part of subcall function 002901F8: LeaveCriticalSection.KERNEL32(0034070C,?,00288747,00342514), ref: 00290235
                                                                                                                                                                                                                  • Part of subcall function 002E359C: LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 002E35E4
                                                                                                                                                                                                                  • Part of subcall function 002E359C: LoadStringW.USER32(00342390,?,00000FFF,?), ref: 002E360A
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CriticalSection$EnterLeaveLoadString$Init_thread_footer__onexit
                                                                                                                                                                                                                • String ID: x#4$x#4$x#4
                                                                                                                                                                                                                • API String ID: 1072379062-1700540988
                                                                                                                                                                                                                • Opcode ID: 76454445cbbfec3e055998c1420f84439fba451e037d523366814dc06c4975f3
                                                                                                                                                                                                                • Instruction ID: 31f1b21a3aa5eb7edd03a0ab6d6a00739c762c9c29a383f13e9c23595ed031f2
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 76454445cbbfec3e055998c1420f84439fba451e037d523366814dc06c4975f3
                                                                                                                                                                                                                • Instruction Fuzzy Hash: C7C19071A1010AAFDB14EF58C895DBEF7B9EF48340F548069FA05AB291DB70ED64CB90
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: JO'
                                                                                                                                                                                                                • API String ID: 0-1353136037
                                                                                                                                                                                                                • Opcode ID: c42c7ee06df0b63ab9e6debf3386160195f9219bd21f43d02c809c976e6f7f71
                                                                                                                                                                                                                • Instruction ID: 6e6cf33198f66faa07cc16e82de6e5aead037b0e4293346ca98547a77ffb5c01
                                                                                                                                                                                                                • Opcode Fuzzy Hash: c42c7ee06df0b63ab9e6debf3386160195f9219bd21f43d02c809c976e6f7f71
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2451E371D3062A9FCF119FA4C945FAFBBB9AF06324F14005AF800A7296DF749921CB61
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000002,00000000,?,?,?,00000000,?,?,?,?), ref: 002A8B6E
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00000000,00001000,?), ref: 002A8B7A
                                                                                                                                                                                                                • __dosmaperr.LIBCMT ref: 002A8B81
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ByteCharErrorLastMultiWide__dosmaperr
                                                                                                                                                                                                                • String ID: .)
                                                                                                                                                                                                                • API String ID: 2434981716-3944007330
                                                                                                                                                                                                                • Opcode ID: 9eca859496b05fab768cccc399c24e5a6726faffecf3f8787c3ccb19acbe82df
                                                                                                                                                                                                                • Instruction ID: ce04e40c1131b2037cd509b80d49d38851b10b42284106c29a005b27dc9fd318
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9eca859496b05fab768cccc399c24e5a6726faffecf3f8787c3ccb19acbe82df
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E5416EB5634145AFDB259F64CC90A797FE5DB47308F2885A9F885C7152DE31CC22CBA0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 002DB403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,002D21D0,?,?,00000034,00000800,?,00000034), ref: 002DB42D
                                                                                                                                                                                                                • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 002D2760
                                                                                                                                                                                                                  • Part of subcall function 002DB3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,002D21FF,?,?,00000800,?,00001073,00000000,?,?), ref: 002DB3F8
                                                                                                                                                                                                                  • Part of subcall function 002DB32A: GetWindowThreadProcessId.USER32(?,?), ref: 002DB355
                                                                                                                                                                                                                  • Part of subcall function 002DB32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,002D2194,00000034,?,?,00001004,00000000,00000000), ref: 002DB365
                                                                                                                                                                                                                  • Part of subcall function 002DB32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,002D2194,00000034,?,?,00001004,00000000,00000000), ref: 002DB37B
                                                                                                                                                                                                                • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 002D27CD
                                                                                                                                                                                                                • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 002D281A
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                                                                • String ID: @
                                                                                                                                                                                                                • API String ID: 4150878124-2766056989
                                                                                                                                                                                                                • Opcode ID: 9d8022fe391bc7083775330c82326824e0520d57e17fe18da492d19a115fc0fe
                                                                                                                                                                                                                • Instruction ID: 205f3327a5136221817703aa55e775d762dc2c5ee201fc6538ad445a1768021b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9d8022fe391bc7083775330c82326824e0520d57e17fe18da492d19a115fc0fe
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 39413D72910218AFDB11DFA4CD51ADEBBB8EF05300F104096FA55B7281DB716E99DF60
APIs
• GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 002A1769
• _free.LIBCMT ref: 002A1834
• _free.LIBCMT ref: 002A183E
Strings
Memory Dump Source
• Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_270000_file.jbxd
Similarity
• API ID: _free$FileModuleName
• String ID: C:\Users\user\Desktop\file.exe
• API String ID: 2506810119-1957095476
• Opcode ID: 9cd9c10c1580a45ae6cb30a913f6b56eabc88442ff59366954984f16187c1c6b
• Instruction ID: 2d8d74331e0e1e87325c35470030cef00d1618947e1f6c3fa110c63ac5d00569
• Opcode Fuzzy Hash: 9cd9c10c1580a45ae6cb30a913f6b56eabc88442ff59366954984f16187c1c6b
• Instruction Fuzzy Hash: C0317375A10219EFDB22DF999C81D9EBBBCEB86320F104166E404D7211DFB05A60CB90
APIs
• GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 002DC306
• DeleteMenu.USER32(?,00000007,00000000), ref: 002DC34C
• DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00341990,01596400), ref: 002DC395
Strings
Memory Dump Source
• Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_270000_file.jbxd
Similarity
• API ID: Menu$Delete$InfoItem
• String ID: 0
• API String ID: 135850232-4108050209
• Opcode ID: 66ddd308d0332fd4091159ff57907bb8b67e0eb23d6e7eaa22f18e4d28ef74cf
• Instruction ID: cb6d5cd63ad3c7ecc8664cf02a059210ae4166e6ab278a24147dc7455a88dca9
• Opcode Fuzzy Hash: 66ddd308d0332fd4091159ff57907bb8b67e0eb23d6e7eaa22f18e4d28ef74cf
• Instruction Fuzzy Hash: 8741A2312143429FDB24DF29D884B1ABBE8AF85310F20869EF965973D1D770ED54CB52
APIs
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0030CC08,00000000,?,?,?,?), ref: 003044AA
• GetWindowLongW.USER32 ref: 003044C7
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 003044D7
Strings
Memory Dump Source
• Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_270000_file.jbxd
Similarity
• API ID: Window$Long
• String ID: SysTreeView32
• API String ID: 847901565-1698111956
• Opcode ID: b0dccb7ab1ac09f1eed8077530e9c0a3c34855e6aadaa5eee9fd4888b63b9fe5
• Instruction ID: c63b79ca8890f76fefc937bd5f7cfff5504bf0a88dfd3fc2c29b1c6356b1c0ac
• Opcode Fuzzy Hash: b0dccb7ab1ac09f1eed8077530e9c0a3c34855e6aadaa5eee9fd4888b63b9fe5
• Instruction Fuzzy Hash: D731DE71211205AFDB229F38DC55BEA77A9EB09334F214315FA79921D0DB70ED909B50
APIs
• SysReAllocString.OLEAUT32(?,?), ref: 002D6EED
• VariantCopyInd.OLEAUT32(?,?), ref: 002D6F08
• VariantClear.OLEAUT32(?), ref: 002D6F12
Strings
Memory Dump Source
• Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_270000_file.jbxd
Similarity
• API ID: Variant$AllocClearCopyString
• String ID: *j-
• API String ID: 2173805711-274122108
• Opcode ID: 6644d0b4720f7407a9d473ee3a34712201d8f7e05dbf8043601f128bee4ce916
• Instruction ID: 3de3444438b440005a4a38d456c1cfadee8b8af4c0d18e34b7f11a39013e8ffb
• Opcode Fuzzy Hash: 6644d0b4720f7407a9d473ee3a34712201d8f7e05dbf8043601f128bee4ce916
• Instruction Fuzzy Hash: EB31AFB1624645DFCB06AFA4E8999BE3776FF84304B20449AF9074B7A1C7709D21DB90
APIs
  • Part of subcall function 002F335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,002F3077,?,?), ref: 002F3378
• inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 002F307A
• _wcslen.LIBCMT ref: 002F309B
• htons.WSOCK32(00000000,?,?,00000000), ref: 002F3106
Strings
Memory Dump Source
• Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_270000_file.jbxd
Similarity
• API ID: ByteCharMultiWide_wcslenhtonsinet_addr
• String ID: 255.255.255.255
• API String ID: 946324512-2422070025
• Opcode ID: 155c9c4438f6ef658c2beda0427f70f440800f56687afc7c74fe2d7aafe06c88
• Instruction ID: cfffc8cd5ed7e203fd361d264590486f3283f0f0ec0333ec9af0d53a9f29e9e0
• Opcode Fuzzy Hash: 155c9c4438f6ef658c2beda0427f70f440800f56687afc7c74fe2d7aafe06c88
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1F31093521020A9FCB10CF28C485E7AB7E0EF14394F24C06AEA158B392DB72DE55CB60
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00303F40
                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00303F54
                                                                                                                                                                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 00303F78
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessageSend$Window
                                                                                                                                                                                                                • String ID: SysMonthCal32
                                                                                                                                                                                                                • API String ID: 2326795674-1439706946
                                                                                                                                                                                                                • Opcode ID: f4aca545c93fc44e712d490f65cb2e16566ff8f56a7987d54bec74e6eee06007
                                                                                                                                                                                                                • Instruction ID: f6fd6831e522b023272e50f4cfa234fe39792c8e2e5afe443dae28f7af20d521
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f4aca545c93fc44e712d490f65cb2e16566ff8f56a7987d54bec74e6eee06007
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2F21A132610219BFDF269F50CC56FEA3B79EF48714F110215FA156B1D0DAB1AD61CB90
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00304705
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00304713
                                                                                                                                                                                                                • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0030471A
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessageSend$DestroyWindow
                                                                                                                                                                                                                • String ID: msctls_updown32
                                                                                                                                                                                                                • API String ID: 4014797782-2298589950
                                                                                                                                                                                                                • Opcode ID: 8a17c1ad76143743f1b1b7a617a1cd895a4eeb36b9e9b2a634a101b47d8a4200
                                                                                                                                                                                                                • Instruction ID: 4061cd0e22b0880cccc0fbba7dd4b0e34cc4a49dafcc1bd58875c0875ca8da7a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8a17c1ad76143743f1b1b7a617a1cd895a4eeb36b9e9b2a634a101b47d8a4200
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6C2192F5601208AFDB12DF68DCE1DA737ADEF5A794B050449F6109B2A1CB31ED51CA60
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _wcslen
                                                                                                                                                                                                                • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                                                                                                                                • API String ID: 176396367-2734436370
                                                                                                                                                                                                                • Opcode ID: 13ab08d3c98cf57c47030fdf1a740765296ca4901b419c5b7da47154ae685d53
                                                                                                                                                                                                                • Instruction ID: ccd5ff4e7766279312aa8d7a9b2a0875128a94c59aae6ab8ada13d41c6e9959e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 13ab08d3c98cf57c47030fdf1a740765296ca4901b419c5b7da47154ae685d53
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6D21233223861266D731BE28A812FAB739C9F91310F544027FA4997281EBA5EDF1C7D5
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00303840
                                                                                                                                                                                                                • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00303850
                                                                                                                                                                                                                • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00303876
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessageSend$MoveWindow
                                                                                                                                                                                                                • String ID: Listbox
                                                                                                                                                                                                                • API String ID: 3315199576-2633736733
                                                                                                                                                                                                                • Opcode ID: 8559f56b60a7ad19fd31619e69caa7c6538280c1ffc455e117b4668aa70ef21f
                                                                                                                                                                                                                • Instruction ID: ef1fb594e2145c1e5f9b5766fc06cc4c0f66e046557e861c5bfc49ba311bd1fb
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8559f56b60a7ad19fd31619e69caa7c6538280c1ffc455e117b4668aa70ef21f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2D219F72612218BBEF228F54CC95FBB376EEF89B50F118124F9549B1D0CA71DC528BA0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 002E4A08
                                                                                                                                                                                                                • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 002E4A5C
                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000000,?,?,0030CC08), ref: 002E4AD0
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorMode$InformationVolume
                                                                                                                                                                                                                • String ID: %lu
                                                                                                                                                                                                                • API String ID: 2507767853-685833217
                                                                                                                                                                                                                • Opcode ID: 0f887fc218bf40fe20b34ac5aefe606b73ce9bb5b34c986288bd31ff28954e13
                                                                                                                                                                                                                • Instruction ID: 3983a0de9c351358fe56202874e4a5ab7d3403d4095e2dd5159af6e54ab46da3
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0f887fc218bf40fe20b34ac5aefe606b73ce9bb5b34c986288bd31ff28954e13
                                                                                                                                                                                                                • Instruction Fuzzy Hash: B4318E70A10209AFDB11DF54C895EAABBF8EF08308F1480A9E809DB352D771EE55CF61
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0030424F
                                                                                                                                                                                                                • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00304264
                                                                                                                                                                                                                • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00304271
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                • String ID: msctls_trackbar32
                                                                                                                                                                                                                • API String ID: 3850602802-1010561917
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00276B57: _wcslen.LIBCMT ref: 00276B6A
                                                                                                                                                                                                                  • Part of subcall function 002D2DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 002D2DC5
                                                                                                                                                                                                                  • Part of subcall function 002D2DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 002D2DD6
                                                                                                                                                                                                                  • Part of subcall function 002D2DA7: GetCurrentThreadId.KERNEL32 ref: 002D2DDD
                                                                                                                                                                                                                  • Part of subcall function 002D2DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 002D2DE4
                                                                                                                                                                                                                • GetFocus.USER32 ref: 002D2F78
                                                                                                                                                                                                                  • Part of subcall function 002D2DEE: GetParent.USER32(00000000), ref: 002D2DF9
                                                                                                                                                                                                                • GetClassNameW.USER32(?,?,00000100), ref: 002D2FC3
                                                                                                                                                                                                                • EnumChildWindows.USER32(?,002D303B), ref: 002D2FEB
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                                                                                                                                                                • String ID: %s%d
                                                                                                                                                                                                                • API String ID: 1272988791-1110647743
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 003058C1
                                                                                                                                                                                                                • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 003058EE
                                                                                                                                                                                                                • DrawMenuBar.USER32(?), ref: 003058FD
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Menu$InfoItem$Draw
                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                • API String ID: 3227129158-4108050209
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Variant$ClearInitInitializeUninitialize
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1998397398-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0030FC08,?), ref: 002D05F0
                                                                                                                                                                                                                • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0030FC08,?), ref: 002D0608
                                                                                                                                                                                                                • CLSIDFromProgID.OLE32(?,?,00000000,0030CC40,000000FF,?,00000000,00000800,00000000,?,0030FC08,?), ref: 002D062D
                                                                                                                                                                                                                • _memcmp.LIBVCRUNTIME ref: 002D064E
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FromProg$FreeTask_memcmp
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 314563124-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32 ref: 002FA6AC
                                                                                                                                                                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 002FA6BA
                                                                                                                                                                                                                  • Part of subcall function 00279CB3: _wcslen.LIBCMT ref: 00279CBD
                                                                                                                                                                                                                • Process32NextW.KERNEL32(00000000,?), ref: 002FA79C
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 002FA7AB
                                                                                                                                                                                                                  • Part of subcall function 0028CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,002B3303,?), ref: 0028CE8A
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1991900642-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _free
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 269201875-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 003062E2
                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00306315
                                                                                                                                                                                                                • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00306382
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$ClientMoveRectScreen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3880355969-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • socket.WSOCK32(00000002,00000002,00000011), ref: 002F1AFD
                                                                                                                                                                                                                • WSAGetLastError.WSOCK32 ref: 002F1B0B
                                                                                                                                                                                                                • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 002F1B8A
                                                                                                                                                                                                                • WSAGetLastError.WSOCK32 ref: 002F1B94
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$socket
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1881357543-0
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 002E5783
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000), ref: 002E57A9
                                                                                                                                                                                                                • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 002E57CE
                                                                                                                                                                                                                • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 002E57FA
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3321077145-0
                                                                                                                                                                                                                • Opcode ID: 38bfc3b81b0c4ebec852154a398562b17f18690d1b680d3b1b05fa29f120be30
                                                                                                                                                                                                                • Instruction ID: da6d2d8a482268394fd96a67d97975ae0be1920da29135c7d439ef8fcc774fc9
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 38bfc3b81b0c4ebec852154a398562b17f18690d1b680d3b1b05fa29f120be30
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F1413C35220611DFCB11EF15C544A1DBBE6AF89324B58C489EC4A5B362CB30FD50CF91
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000000,?,00296D71,00000000,00000000,002982D9,?,002982D9,?,00000001,00296D71,?,00000001,002982D9,002982D9), ref: 002AD910
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 002AD999
                                                                                                                                                                                                                • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 002AD9AB
                                                                                                                                                                                                                • __freea.LIBCMT ref: 002AD9B4
                                                                                                                                                                                                                  • Part of subcall function 002A3820: RtlAllocateHeap.NTDLL(00000000,?,00341444,?,0028FDF5,?,?,0027A976,00000010,00341440,002713FC,?,002713C6,?,00271129), ref: 002A3852
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2652629310-0
                                                                                                                                                                                                                • Opcode ID: 5d506d843e8861e69135d71a504097807de175da4c4880a20aae22c16e5d1e8b
                                                                                                                                                                                                                • Instruction ID: ff4db6c58ecbb48164e57ee3af213ce5957b8fc2cc37b741ceae5bd910c4fa78
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5d506d843e8861e69135d71a504097807de175da4c4880a20aae22c16e5d1e8b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F331AE72A2020BABDF259F64DC45EAF7BA9EB42310F054269FC05D6150EB35CD64CB90
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SendMessageW.USER32(?,00001024,00000000,?), ref: 00305352
                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00305375
                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00305382
                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 003053A8
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: LongWindow$InvalidateMessageRectSend
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3340791633-0
                                                                                                                                                                                                                • Opcode ID: e01fbd6603c2f5020b987fbf86ee126d732a75eeb598583d94d98cdd306f42a5
                                                                                                                                                                                                                • Instruction ID: 1646636a095bbc9f47de9c33740fa78568ee5be06b45863ffeca91c350086c0e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e01fbd6603c2f5020b987fbf86ee126d732a75eeb598583d94d98cdd306f42a5
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8731C83CA57A0CEFEB339F14CC26BEA7769AB05390F594181F610561E1C7B1A980DF41
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 002DABF1
                                                                                                                                                                                                                • SetKeyboardState.USER32(00000080,?,00008000), ref: 002DAC0D
                                                                                                                                                                                                                • PostMessageW.USER32(00000000,00000101,00000000), ref: 002DAC74
                                                                                                                                                                                                                • SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 002DACC6
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 432972143-0
                                                                                                                                                                                                                • Opcode ID: b1d4ab52bf7af11c83ab0a6395a87f4b87a50ae8db35cf6d43bf901ff0257c23
                                                                                                                                                                                                                • Instruction ID: 3c55bfe86a50c6eabff7ed60c847d4f93af8ccaf0c28f230c5dbb0e7106d8574
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b1d4ab52bf7af11c83ab0a6395a87f4b87a50ae8db35cf6d43bf901ff0257c23
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7331F630A746196FEB358F658C14FFA7BA5AB89320F08431BE485523D1C3758DA58752
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ClientToScreen.USER32(?,?), ref: 0030769A
                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00307710
                                                                                                                                                                                                                • PtInRect.USER32(?,?,00308B89), ref: 00307720
                                                                                                                                                                                                                • MessageBeep.USER32(00000000), ref: 0030778C
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1352109105-0
                                                                                                                                                                                                                • Opcode ID: b5ec1b677e636863de91f8dc0fac6607d3c90c5009078428473ccb439a57b7b8
                                                                                                                                                                                                                • Instruction ID: e850c5769b2bccaeb9d67b52021c7caa0057253aeb3d1b5d34f67b27f11918b2
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b5ec1b677e636863de91f8dc0fac6607d3c90c5009078428473ccb439a57b7b8
                                                                                                                                                                                                                • Instruction Fuzzy Hash: B4419F38A06214DFCB13CF58C8A4EA977F8BB49B80F1541A9E4149F2A1C771B941CF90
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetForegroundWindow.USER32 ref: 003016EB
                                                                                                                                                                                                                  • Part of subcall function 002D3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 002D3A57
                                                                                                                                                                                                                  • Part of subcall function 002D3A3D: GetCurrentThreadId.KERNEL32 ref: 002D3A5E
                                                                                                                                                                                                                  • Part of subcall function 002D3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,002D25B3), ref: 002D3A65
                                                                                                                                                                                                                • GetCaretPos.USER32(?), ref: 003016FF
                                                                                                                                                                                                                • ClientToScreen.USER32(00000000,?), ref: 0030174C
                                                                                                                                                                                                                • GetForegroundWindow.USER32 ref: 00301752
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00277620: _wcslen.LIBCMT ref: 00277625
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002DDFCB
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002DDFE2
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002DE00D
                                                                                                                                                                                                                • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 002DE018
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _wcslen$ExtentPoint32Text
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00289BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00289BB2
                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 00309001
                                                                                                                                                                                                                • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,002C7711,?,?,?,?,?), ref: 00309016
                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 0030905E
                                                                                                                                                                                                                • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,002C7711,?,?,?), ref: 00309094
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(?,0030CB68), ref: 002DD2FB
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 002DD30A
                                                                                                                                                                                                                • CreateDirectoryW.KERNEL32(?,00000000), ref: 002DD319
                                                                                                                                                                                                                • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0030CB68), ref: 002DD376
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 002D1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 002D102A
                                                                                                                                                                                                                  • Part of subcall function 002D1014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 002D1036
                                                                                                                                                                                                                  • Part of subcall function 002D1014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 002D1045
                                                                                                                                                                                                                  • Part of subcall function 002D1014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 002D104C
                                                                                                                                                                                                                  • Part of subcall function 002D1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 002D1062
                                                                                                                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 002D15BE
                                                                                                                                                                                                                • _memcmp.LIBVCRUNTIME ref: 002D15E1
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 002D1617
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 002D161E
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000EC), ref: 0030280A
                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00302824
                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00302832
                                                                                                                                                                                                                • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00302840
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$Long$AttributesLayered
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2169480361-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 002D8D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,002D790A,?,000000FF,?,002D8754,00000000,?,0000001C,?,?), ref: 002D8D8C
                                                                                                                                                                                                                  • Part of subcall function 002D8D7D: lstrcpyW.KERNEL32(00000000,?,?,002D790A,?,000000FF,?,002D8754,00000000,?,0000001C,?,?,00000000), ref: 002D8DB2
                                                                                                                                                                                                                  • Part of subcall function 002D8D7D: lstrcmpiW.KERNEL32(00000000,?,002D790A,?,000000FF,?,002D8754,00000000,?,0000001C,?,?), ref: 002D8DE3
                                                                                                                                                                                                                • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,002D8754,00000000,?,0000001C,?,?,00000000), ref: 002D7923
                                                                                                                                                                                                                • lstrcpyW.KERNEL32(00000000,?,?,002D8754,00000000,?,0000001C,?,?,00000000), ref: 002D7949
                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(00000002,cdecl,?,002D8754,00000000,?,0000001C,?,?,00000000), ref: 002D7984
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                                                                                                • String ID: cdecl
                                                                                                                                                                                                                • API String ID: 4031866154-3896280584
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00307D0B
                                                                                                                                                                                                                • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00307D2A
                                                                                                                                                                                                                • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00307D42
                                                                                                                                                                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,002EB7AD,00000000), ref: 00307D6B
                                                                                                                                                                                                                  • Part of subcall function 00289BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00289BB2
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$Long
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 847901565-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SendMessageW.USER32(?,00001060,?,00000004), ref: 003056BB
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 003056CD
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 003056D8
                                                                                                                                                                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 00305816
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessageSend_wcslen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 455545452-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 002D1A47
                                                                                                                                                                                                                • SendMessageW.USER32(?,000000C9,?,00000000), ref: 002D1A59
                                                                                                                                                                                                                • SendMessageW.USER32(?,000000C9,?,00000000), ref: 002D1A6F
                                                                                                                                                                                                                • SendMessageW.USER32(?,000000C9,?,00000000), ref: 002D1A8A
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                                                                                • Opcode ID: 4efeef52422dbc473b9073dd28a2862be575ff5ff9a3ab33a1a41f331c2dda04
                                                                                                                                                                                                                • Instruction ID: 48587d051c2dd970fafffb04b3f9a79d320529c74e129346c36880101d6443e8
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4efeef52422dbc473b9073dd28a2862be575ff5ff9a3ab33a1a41f331c2dda04
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3D11093AD01219FFEB11DBA5CD85FADFB78EB08750F200092EA04B7294D6716E61DB94
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 002DE1FD
                                                                                                                                                                                                                • MessageBoxW.USER32(?,?,?,?), ref: 002DE230
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 002DE246
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 002DE24D
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2880819207-0
                                                                                                                                                                                                                • Opcode ID: 2d106a6702dcc248ac0b4226fd4ab0bff92c5ad49a3e9398d58d4ad44ce7348e
                                                                                                                                                                                                                • Instruction ID: 8bf6e24384e6cf3a07c8c30a18c94f5c1d3043e55dc6b0b046da9f2c17332205
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2d106a6702dcc248ac0b4226fd4ab0bff92c5ad49a3e9398d58d4ad44ce7348e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4D112B7AD24254BFCB02AFA89C09A9F7FACAB46310F00435AF914D7391D6B0DD148BA0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,?,0029CFF9,00000000,00000004,00000000), ref: 0029D218
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0029D224
                                                                                                                                                                                                                • __dosmaperr.LIBCMT ref: 0029D22B
                                                                                                                                                                                                                • ResumeThread.KERNEL32(00000000), ref: 0029D249
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 173952441-0
                                                                                                                                                                                                                • Opcode ID: f2ebb0e6e390d601d14c839f66c988d9f7c555afcf10bb2d344e4b5c3e55f817
                                                                                                                                                                                                                • Instruction ID: 313405a61121453393268b426104908a03d793dbcd5e73ce416efc159ad3b0de
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f2ebb0e6e390d601d14c839f66c988d9f7c555afcf10bb2d344e4b5c3e55f817
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3F01D636C35205BBDF115FA5DC05BAA7A6DDF81730F200319FD25961D1CB70C921DAA0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00289BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00289BB2
                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00309F31
                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 00309F3B
                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00309F46
                                                                                                                                                                                                                • DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00309F7A
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Client$CursorLongProcRectScreenWindow
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4127811313-0
                                                                                                                                                                                                                • Opcode ID: 05a489f16eb120322dc429d3962e8f243e4e57be501d9349f5fc61a5098c7a7e
                                                                                                                                                                                                                • Instruction ID: 25cec9ef56a92d2c32f1357d8e6b8851c719964856aff006186539d282fc0d3f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 05a489f16eb120322dc429d3962e8f243e4e57be501d9349f5fc61a5098c7a7e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3E115E3590211AABDB12DF58D865AEE77BCFB05312F000552F911E7181D730BA91CBA1
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0027604C
                                                                                                                                                                                                                • GetStockObject.GDI32(00000011), ref: 00276060
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000030,00000000), ref: 0027606A
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3970641297-0
                                                                                                                                                                                                                • Opcode ID: 62436c95da2dcf95407982393f63e1486ccc24cda4a955b384041dd392dca753
                                                                                                                                                                                                                • Instruction ID: e7e5130eb425b7211abc7e39787f84aefccd30dbd18a9233fbeac2e5c418a6dd
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 62436c95da2dcf95407982393f63e1486ccc24cda4a955b384041dd392dca753
                                                                                                                                                                                                                • Instruction Fuzzy Hash: DB11617252290ABFEF125F94DC58EEABB6DFF097A4F044216FA1852150D7329C60DF90
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ___BuildCatchObject.LIBVCRUNTIME ref: 00293B56
                                                                                                                                                                                                                  • Part of subcall function 00293AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00293AD2
                                                                                                                                                                                                                  • Part of subcall function 00293AA3: ___AdjustPointer.LIBCMT ref: 00293AED
                                                                                                                                                                                                                • _UnwindNestedFrames.LIBCMT ref: 00293B6B
                                                                                                                                                                                                                • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00293B7C
                                                                                                                                                                                                                • CallCatchBlock.LIBVCRUNTIME ref: 00293BA4
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 737400349-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,002713C6,00000000,00000000,?,002A301A,002713C6,00000000,00000000,00000000,?,002A328B,00000006,FlsSetValue), ref: 002A30A5
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,002A301A,002713C6,00000000,00000000,00000000,?,002A328B,00000006,FlsSetValue,00312290,FlsSetValue,00000000,00000364,?,002A2E46), ref: 002A30B1
                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,002A301A,002713C6,00000000,00000000,00000000,?,002A328B,00000006,FlsSetValue,00312290,FlsSetValue,00000000), ref: 002A30BF
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3177248105-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 002D747F
                                                                                                                                                                                                                • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 002D7497
                                                                                                                                                                                                                • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 002D74AC
                                                                                                                                                                                                                • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 002D74CA
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Type$Register$FileLoadModuleNameUser
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1352324309-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,002DACD3,?,00008000), ref: 002DB0C4
                                                                                                                                                                                                                • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,002DACD3,?,00008000), ref: 002DB0E9
                                                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,002DACD3,?,00008000), ref: 002DB0F3
                                                                                                                                                                                                                • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,002DACD3,?,00008000), ref: 002DB126
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CounterPerformanceQuerySleep
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2875609808-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00307E33
                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00307E4B
                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00307E6F
                                                                                                                                                                                                                • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00307E8A
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ClientRectScreen$InvalidateWindow
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 357397906-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 002D2DC5
                                                                                                                                                                                                                • GetWindowThreadProcessId.USER32(?,00000000), ref: 002D2DD6
                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 002D2DDD
                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 002D2DE4
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2710830443-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00289639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00289693
                                                                                                                                                                                                                  • Part of subcall function 00289639: SelectObject.GDI32(?,00000000), ref: 002896A2
                                                                                                                                                                                                                  • Part of subcall function 00289639: BeginPath.GDI32(?), ref: 002896B9
                                                                                                                                                                                                                  • Part of subcall function 00289639: SelectObject.GDI32(?,00000000), ref: 002896E2
                                                                                                                                                                                                                • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00308887
                                                                                                                                                                                                                • LineTo.GDI32(?,?,?), ref: 00308894
                                                                                                                                                                                                                • EndPath.GDI32(?), ref: 003088A4
                                                                                                                                                                                                                • StrokePath.GDI32(?), ref: 003088B2
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1539411459-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetSysColor.USER32(00000008), ref: 002898CC
                                                                                                                                                                                                                • SetTextColor.GDI32(?,?), ref: 002898D6
                                                                                                                                                                                                                • SetBkMode.GDI32(?,00000001), ref: 002898E9
                                                                                                                                                                                                                • GetStockObject.GDI32(00000005), ref: 002898F1
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Color$ModeObjectStockText
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4037423528-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 002D1634
                                                                                                                                                                                                                • OpenThreadToken.ADVAPI32(00000000,?,?,?,002D11D9), ref: 002D163B
                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,002D11D9), ref: 002D1648
                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000,?,?,?,002D11D9), ref: 002D164F
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CurrentOpenProcessThreadToken
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3974789173-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 002CD858
                                                                                                                                                                                                                • GetDC.USER32(00000000), ref: 002CD862
                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000000C), ref: 002CD882
                                                                                                                                                                                                                • ReleaseDC.USER32(?), ref: 002CD8A3
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2889604237-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 002CD86C
                                                                                                                                                                                                                • GetDC.USER32(00000000), ref: 002CD876
                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000000C), ref: 002CD882
                                                                                                                                                                                                                • ReleaseDC.USER32(?), ref: 002CD8A3
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2889604237-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00277620: _wcslen.LIBCMT ref: 00277625
                                                                                                                                                                                                                • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 002E4ED4
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Connection_wcslen
                                                                                                                                                                                                                • String ID: *$LPT
                                                                                                                                                                                                                • API String ID: 1725874428-3443410124
                                                                                                                                                                                                                • Opcode ID: 79b08e24550f274412b39eef24689d31284fb6b7a63feb813dc360955068ed66
                                                                                                                                                                                                                • Instruction ID: bb63ad582bd35e161af43a76342f77d9d576cd081c71ec8b24831036968e557d
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 79b08e24550f274412b39eef24689d31284fb6b7a63feb813dc360955068ed66
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5591A174A102459FCB14EF59C484EAABBF1BF48704F588099E80A9F7A2C771ED95CF90
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __startOneArgErrorHandling.LIBCMT ref: 0029E30D
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorHandling__start
                                                                                                                                                                                                                • String ID: pow
                                                                                                                                                                                                                • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                • Opcode ID: f725f1610185f20299cf94cce7e0163e2b4be4233f56a2e587161d1d742f40d1
                                                                                                                                                                                                                • Instruction ID: 40ec3c2009208b2b4af094421f61a0b4be5820899448b9324b323d8fd7fa3728
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f725f1610185f20299cf94cce7e0163e2b4be4233f56a2e587161d1d742f40d1
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7F513F71A3C60397CF16BF14CD013BA3B98DB42740F358DA9E495422A9DF358CB19A4E
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CharUpperBuffW.USER32(002C569E,00000000,?,0030CC08,?,00000000,00000000), ref: 002F78DD
                                                                                                                                                                                                                  • Part of subcall function 00276B57: _wcslen.LIBCMT ref: 00276B6A
                                                                                                                                                                                                                • CharUpperBuffW.USER32(002C569E,00000000,?,0030CC08,00000000,?,00000000,00000000), ref: 002F783B
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: BuffCharUpper$_wcslen
                                                                                                                                                                                                                • String ID: <s3
                                                                                                                                                                                                                • API String ID: 3544283678-1777503941
                                                                                                                                                                                                                • Opcode ID: d3e7759d7282ac9fa44a08559b9edfc5ba7ee0a41d9949b8da48e126a298966c
                                                                                                                                                                                                                • Instruction ID: a39e7e035e889de231f4607ba84efbe6d684bd22cccbfc0a2a4983afdba7ea9c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d3e7759d7282ac9fa44a08559b9edfc5ba7ee0a41d9949b8da48e126a298966c
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 08615A36934119EACF05EBA4CC91DFDB378BF14740B548139E646A7092EB705A29DBA0
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: #
                                                                                                                                                                                                                • API String ID: 0-1885708031
                                                                                                                                                                                                                • Opcode ID: 089147aae47d883952f8ba67e46325729265172a157641f1b746fc6600f17738
                                                                                                                                                                                                                • Instruction ID: 6cb4e028facba130040682dda49f823aa465f4c463a56751fdd17145721f56ea
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 089147aae47d883952f8ba67e46325729265172a157641f1b746fc6600f17738
                                                                                                                                                                                                                • Instruction Fuzzy Hash: CD513435521247DFDF15EF28C482EBABBA8EF25310F258259EC519B2D0D7309D66CB90
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • Sleep.KERNEL32(00000000), ref: 0028F2A2
                                                                                                                                                                                                                • GlobalMemoryStatusEx.KERNEL32(?), ref: 0028F2BB
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: GlobalMemorySleepStatus
                                                                                                                                                                                                                • String ID: @
                                                                                                                                                                                                                • API String ID: 2783356886-2766056989
                                                                                                                                                                                                                • Opcode ID: 8422e8b4b29d876e87287d56ca4ff8b895dc2a4c0095c8f1e4c72079412ccfbc
                                                                                                                                                                                                                • Instruction ID: 062276c0b002953814e44ebb83fb032a2d4c491345b8a4bfce18ea4b94f59e9b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8422e8b4b29d876e87287d56ca4ff8b895dc2a4c0095c8f1e4c72079412ccfbc
                                                                                                                                                                                                                • Instruction Fuzzy Hash: C15123724287449BD320AF20DC86BAFBBF8FB95300F81885DF199411A5EB708539CB67
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 002F57E0
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002F57EC
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: BuffCharUpper_wcslen
                                                                                                                                                                                                                • String ID: CALLARGARRAY
                                                                                                                                                                                                                • API String ID: 157775604-1150593374
                                                                                                                                                                                                                • Opcode ID: dbdc5e3c0dbd2d41001c0c83781add5998264b9694ecaf926a5467487c632c57
                                                                                                                                                                                                                • Instruction ID: 19e84c56f49a70ff73e3da71db0f3d2e8f88ffca36c5ea591406125f43689c3f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: dbdc5e3c0dbd2d41001c0c83781add5998264b9694ecaf926a5467487c632c57
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8341A131A2021D9FCB14EFA8C8818BEFBB5FF593A0F144129E605A7291E7749D91CF90
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002ED130
                                                                                                                                                                                                                • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 002ED13A
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CrackInternet_wcslen
                                                                                                                                                                                                                • String ID: |
                                                                                                                                                                                                                • API String ID: 596671847-2343686810
                                                                                                                                                                                                                • Opcode ID: 1b7cc115480d4b378853df49a30eeb5e25c9857d6109edffd888889aa4ad53b6
                                                                                                                                                                                                                • Instruction ID: d9702d8afa29c00383dabdd7384c9f7151487d30561a07577630333af43cab71
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1b7cc115480d4b378853df49a30eeb5e25c9857d6109edffd888889aa4ad53b6
                                                                                                                                                                                                                • Instruction Fuzzy Hash: B1311971D21209ABCF15EFA5CC85EEEBFB9FF04300F404019E819A6166D731AA66DF61
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • DestroyWindow.USER32(?,?,?,?), ref: 00303621
                                                                                                                                                                                                                • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0030365C
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$DestroyMove
                                                                                                                                                                                                                • String ID: static
                                                                                                                                                                                                                • API String ID: 2139405536-2160076837
                                                                                                                                                                                                                • Opcode ID: c1e5ff0f8cccb116c012aaaa41bbb780b7c2d528ed050edcce12190e5682777e
                                                                                                                                                                                                                • Instruction ID: ef7e30ac9a3f1d5e0530ba9a41bcf40de9d05adeef4b90a0d65303f920590107
                                                                                                                                                                                                                • Opcode Fuzzy Hash: c1e5ff0f8cccb116c012aaaa41bbb780b7c2d528ed050edcce12190e5682777e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5131BE71111608AEDB119F78DCA0EFB73ADFF88720F119619F8A597290DB31AD91CB60
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0030461F
                                                                                                                                                                                                                • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00304634
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                • String ID: '
                                                                                                                                                                                                                • API String ID: 3850602802-1997036262
                                                                                                                                                                                                                • Opcode ID: 59acd5c463f102180b9585442eca578ec082405053453a67df54c63a76da9167
                                                                                                                                                                                                                • Instruction ID: 7cb966be3a83c56a88c5ec1070daf072d7ba9e075f230e4ab90c87fb23ba15a6
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 59acd5c463f102180b9585442eca578ec082405053453a67df54c63a76da9167
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 56313EB4A013099FDF15CFA5C990BDA7BB9FF49300F144069EA049B381E771AA41CF90
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0030327C
                                                                                                                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00303287
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                • String ID: Combobox
                                                                                                                                                                                                                • API String ID: 3850602802-2096851135
                                                                                                                                                                                                                • Opcode ID: 16d2da1fedd6761581bca260b840bfa1f65dff60dbfc28dfe5fff752a5717adc
                                                                                                                                                                                                                • Instruction ID: 4d42be1005fe5d441ace05ccc9cf918573a3c6762f0cb532bd16c761ad170b9c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 16d2da1fedd6761581bca260b840bfa1f65dff60dbfc28dfe5fff752a5717adc
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0111E2713012087FEF229F54DC90EBB376EEB94364F114525F9189B2D0D6319D518760
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 0027600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0027604C
                                                                                                                                                                                                                  • Part of subcall function 0027600E: GetStockObject.GDI32(00000011), ref: 00276060
                                                                                                                                                                                                                  • Part of subcall function 0027600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0027606A
                                                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 0030377A
                                                                                                                                                                                                                • GetSysColor.USER32(00000012), ref: 00303794
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                                                                                • String ID: static
                                                                                                                                                                                                                • API String ID: 1983116058-2160076837
                                                                                                                                                                                                                • Opcode ID: 6220244cda9ef03eae55b072ffa6700ea952d93e993c6a308447fe927a6f522f
                                                                                                                                                                                                                • Instruction ID: 714d503716b6c38cbb21f8c32c555a03f6f2a5de112803bda57cf16c2a60eff9
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6220244cda9ef03eae55b072ffa6700ea952d93e993c6a308447fe927a6f522f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3C116AB2610209AFDF02DFA8CC45EEA7BB8FF08304F014A15FD55E2290D735E8619B50
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 002ECD7D
                                                                                                                                                                                                                • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 002ECDA6
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Internet$OpenOption
                                                                                                                                                                                                                • String ID: <local>
                                                                                                                                                                                                                • API String ID: 942729171-4266983199
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetWindowTextLengthW.USER32(00000000), ref: 003034AB
                                                                                                                                                                                                                • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 003034BA
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: LengthMessageSendTextWindow
                                                                                                                                                                                                                • String ID: edit
                                                                                                                                                                                                                • API String ID: 2978978980-2167791130
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00279CB3: _wcslen.LIBCMT ref: 00279CBD
                                                                                                                                                                                                                • CharUpperBuffW.USER32(?,?,?), ref: 002D6CB6
                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 002D6CC2
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                • String ID: STOP
                                                                                                                                                                                                                • API String ID: 1256254125-2411985666
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00279CB3: _wcslen.LIBCMT ref: 00279CBD
                                                                                                                                                                                                                  • Part of subcall function 002D3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 002D3CCA
                                                                                                                                                                                                                • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 002D1D4C
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                                                                                                                • API String ID: 624084870-1403004172
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00279CB3: _wcslen.LIBCMT ref: 00279CBD
                                                                                                                                                                                                                  • Part of subcall function 002D3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 002D3CCA
                                                                                                                                                                                                                • SendMessageW.USER32(?,00000180,00000000,?), ref: 002D1C46
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                                                                                                                • API String ID: 624084870-1403004172
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00279CB3: _wcslen.LIBCMT ref: 00279CBD
                                                                                                                                                                                                                  • Part of subcall function 002D3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 002D3CCA
                                                                                                                                                                                                                • SendMessageW.USER32(?,00000182,?,00000000), ref: 002D1CC8
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
APIs
• __Init_thread_footer.LIBCMT ref: 0028A529
  • Part of subcall function 00279CB3: _wcslen.LIBCMT ref: 00279CBD
Strings
Similarity
• API ID: Init_thread_footer_wcslen
• String ID: ,%4$3y,
• API String ID: 2551934079-1407830953
APIs
  • Part of subcall function 00279CB3: _wcslen.LIBCMT ref: 00279CBD
  • Part of subcall function 002D3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 002D3CCA
• SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 002D1DD3
Strings
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
APIs
• CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00343018,0034305C), ref: 003081BF
• CloseHandle.KERNEL32 ref: 003081D1
Strings
Similarity
• API ID: CloseCreateHandleProcess
• String ID: \04
• API String ID: 3712363035-1679150208
APIs
Strings
Similarity
• API ID: _wcslen
• String ID: 3, 3, 16, 1
• API String ID: 176396367-3042988571
APIs
• MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 002D0B23
Strings
Similarity
• API ID: Message
• String ID: AutoIt$Error allocating memory.
• API String ID: 2030045667-4017498283
APIs
  • Part of subcall function 0028F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00290D71,?,?,?,0027100A), ref: 0028F7CE
• IsDebuggerPresent.KERNEL32(?,?,?,0027100A), ref: 00290D75
• OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0027100A), ref: 00290D84
Strings
• ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00290D7F
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                                                                                                                                                                • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                • API String ID: 55579361-631824599
                                                                                                                                                                                                                • Opcode ID: df1489726652184f87c7e984abe7673efe47eafe782e1ba5ea76c539ca352e46
                                                                                                                                                                                                                • Instruction ID: 274e78454d34b46b947e3bda79946d9ec8db0c4616ac93e01d08370fcdb8b7da
                                                                                                                                                                                                                • Opcode Fuzzy Hash: df1489726652184f87c7e984abe7673efe47eafe782e1ba5ea76c539ca352e46
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 74E06D782127018FEB719FB8D4587427BE8EB00B40F008A2DE896C6A95DBB0E444CBA1
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 0028E3D5
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Init_thread_footer
                                                                                                                                                                                                                • String ID: 0%4$8%4
                                                                                                                                                                                                                • API String ID: 1385522511-4204812540
                                                                                                                                                                                                                • Opcode ID: 2d2bb4300dbd5603e4d1a4bb460dc32d82be55a87c94f2e983bc43bf25d96ae3
                                                                                                                                                                                                                • Instruction ID: 6500f83e78f8a905a0f6ad60925abd53fd3f6f2051219e4eb85f2719f31045a5
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2d2bb4300dbd5603e4d1a4bb460dc32d82be55a87c94f2e983bc43bf25d96ae3
                                                                                                                                                                                                                • Instruction Fuzzy Hash: FDE0DF3D5319148BCE06BB18B894EAAB399AB07320B9101E5F102AF1D19F303C518B44
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 002E302F
                                                                                                                                                                                                                • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 002E3044
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Temp$FileNamePath
                                                                                                                                                                                                                • String ID: aut
                                                                                                                                                                                                                • API String ID: 3285503233-3010740371
                                                                                                                                                                                                                • Opcode ID: 4bdd0dd2719a9540130c0faf1b9e0dc37ce6a6658516f0ef9dcc5e177f798192
                                                                                                                                                                                                                • Instruction ID: 1b367c73e0e259dee502ad15a828fc2aeae6a8835f585b8fdc33a496ac8acc4f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4bdd0dd2719a9540130c0faf1b9e0dc37ce6a6658516f0ef9dcc5e177f798192
                                                                                                                                                                                                                • Instruction Fuzzy Hash: CED05EB25013287BDE20A7A4AC4EFCB3A6CDB05751F0006A2B655E24D1DBB09984CAD0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: LocalTime
                                                                                                                                                                                                                • String ID: %.3d$X64
                                                                                                                                                                                                                • API String ID: 481472006-1077770165
                                                                                                                                                                                                                • Opcode ID: b03a0de9b2604522093c3c37ed1215a4a6be90305a3669b0603d8ebe79787d8b
                                                                                                                                                                                                                • Instruction ID: b1d0d5572594a5a0e9f2410d9c998d1e20760d430d248c24f712ec50c053ac19
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b03a0de9b2604522093c3c37ed1215a4a6be90305a3669b0603d8ebe79787d8b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 75D012A5C39108EACB90A7D0CC45EBAB3BCEB09301F508576FC0692082D674D568AB62
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0030232C
                                                                                                                                                                                                                • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0030233F
                                                                                                                                                                                                                  • Part of subcall function 002DE97B: Sleep.KERNEL32 ref: 002DE9F3
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                • String ID: Shell_TrayWnd
                                                                                                                                                                                                                • API String ID: 529655941-2988720461
                                                                                                                                                                                                                • Opcode ID: 4467cff6f91c849f85af41486218380848c0c74ba68d78952879c155071ef16e
                                                                                                                                                                                                                • Instruction ID: 56ef51a50140ca58218bca5a91b9663d4f971b930c56848d7f4de324e6d58291
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4467cff6f91c849f85af41486218380848c0c74ba68d78952879c155071ef16e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: EDD022363A2300BBE678B330DC2FFC6BA0C9B00B00F004A03B305AA1D0C8F0AC00CA54
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0030236C
                                                                                                                                                                                                                • PostMessageW.USER32(00000000), ref: 00302373
                                                                                                                                                                                                                  • Part of subcall function 002DE97B: Sleep.KERNEL32 ref: 002DE9F3
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                • String ID: Shell_TrayWnd
                                                                                                                                                                                                                • API String ID: 529655941-2988720461
                                                                                                                                                                                                                • Opcode ID: 835fbf538fa1564bed5337e8568627354f29fc8ea093bcb1bd94110795aa248f
                                                                                                                                                                                                                • Instruction ID: c7683fc7d073de31f202740066af1a65b7b6bd56b342a3cddee8c57e5aa0673e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 835fbf538fa1564bed5337e8568627354f29fc8ea093bcb1bd94110795aa248f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 62D0A9323A23007AE669B3309C1FFC6A6089B00B00F004A03B201AA1D0C8A0A8008A58
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 002ABE93
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 002ABEA1
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 002ABEFC
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000002.1737298869.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737254121.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.000000000030C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737426123.0000000000332000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737547825.000000000033C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000002.1737585558.0000000000344000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_file.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1717984340-0
                                                                                                                                                                                                                • Opcode ID: d6d4afe5f7b601ad194040321ca9ba18c4363eab2f453a1425f617102a8ede54
                                                                                                                                                                                                                • Instruction ID: 8a2d401f574a074c98868f34efa25428bf6e6c1becd1ea7f284786fdddff2316
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d6d4afe5f7b601ad194040321ca9ba18c4363eab2f453a1425f617102a8ede54
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E541E535625247AFCF228F64CD54AAABBA5AF43310F184269F959DB1A2DF308D20CF50